CVE-2017-6167

CWE-362 Race Condition | 5 documents | 4 sources
Severity: 7.5 HIGH
EPSS: 0.3% (top 45.59%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 21; Latest update May 14

Description

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 5.9

Affected Packages (10 packages)

NVD  f5/big-ip_link_controller  12.1.0  12.1.2  +1
NVD  f5/big-ip_websafe  12.1.0  12.1.2  +1
NVD  f5/big-ip_analytics  12.1.0  12.1.2  +1
NVD  f5/big-ip_dns  12.1.0  12.1.2  +1
NVD  f5/big-ip_access_policy_manager  12.1.0  12.1.2  +1

Vulnerability Details (2)

GHSA: GHSA-x497-qvmr-99vq: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13 (2022-05-14)
CVEList: CVE-2017-6167: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13 (2017-12-21)

Vendor Advisories (2)

F5: CVE-2021-22974: On BIG-IP version 16 (2021-02-12)
F5: CVE-2017-6167: In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13 (2017-12-21)
CVE-2017-6167 (HIGH CVSS 7.5) | In F5 BIG-IP LTM | cvebase.io