CVE-2017-6168
Published 2017-11-17
Severity: High, CVSS 3.0 base score 7.4
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack.
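The precondition for the attack described above is that the virtual server will negotiate a static RSA key-exchange cipher suite (TLS_RSA_*): the Bleichenbacher oracle only exists where the server decrypts the client's RSA-encrypted premaster secret, so a Client SSL profile that offers no RSA key exchange is not exposed via this path. The Python script below is an added example, not F5 code and not the ROBOT test tool from robotattack.org. It builds a TLS 1.2 ClientHello that offers only RSA key-exchange suites and classifies the server's reply, so a virtual server (or any TLS endpoint) can be checked for the precondition before and after the Client SSL profile's cipher string is changed. The hostname `vip.example.test`, the port and the suite list are illustrative assumptions, and `make_server_hello` builds a constructed ServerHello only so the parser can be exercised offline. The script checks the precondition, not whether the server's PKCS#1 v1.5 error handling actually leaks an oracle.

```python
"""Added example: probe whether a TLS endpoint negotiates static RSA key exchange,
the precondition for the Bleichenbacher/ROBOT attack in CVE-2017-6168.
Not F5 code; host, port and suite list below are illustrative assumptions."""
import os
import socket
import struct

# Static RSA key-exchange suites (IANA ids). Offering only these forces the
# server to either pick one (precondition present) or refuse the handshake.
RSA_KX_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}
HANDSHAKE, ALERT = 0x16, 0x15
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02


def _hs_header(msg_type, body):
    # Handshake header: 1-byte message type + 24-bit body length
    return bytes([msg_type]) + struct.pack("!I", len(body))[1:] + body


def build_client_hello(server_name, suites=RSA_KX_SUITES):
    """TLS 1.2 ClientHello record offering only `suites`, with an SNI extension."""
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    name = server_name.encode("idna")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name       # name_type host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # extension type 0 = server_name
    body = (
        b"\x03\x03" + os.urandom(32) + b"\x00"                      # version, random, empty session id
        + struct.pack("!H", len(suite_bytes)) + suite_bytes
        + b"\x01\x00"                                               # compression methods: null only
        + struct.pack("!H", len(sni_ext)) + sni_ext
    )
    hs = _hs_header(CLIENT_HELLO, body)
    return bytes([HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(hs)) + hs


def parse_server_response(data):
    """Classify the first TLS record in `data`:
    ('server_hello', suite_id), ('alert', description) or ('unknown', None)."""
    if len(data) < 5:
        return ("unknown", None)
    ctype, rec_len = data[0], struct.unpack("!H", data[3:5])[0]
    rec = data[5:5 + rec_len]
    if ctype == ALERT and len(rec) >= 2:
        return ("alert", rec[1])
    if ctype == HANDSHAKE and len(rec) >= 4 and rec[0] == SERVER_HELLO:
        hs = rec[4:]                       # version(2) random(32) sid_len(1) sid cipher_suite(2) ...
        if len(hs) >= 35:
            sid_len = hs[34]
            if len(hs) >= 37 + sid_len:
                return ("server_hello", struct.unpack("!H", hs[35 + sid_len:37 + sid_len])[0])
    return ("unknown", None)


def rsa_kx_enabled(response):
    """True if the server chose an RSA key-exchange suite, False if it refused
    (an alert, typically handshake_failure = 40), None if the reply was not parseable."""
    kind, value = parse_server_response(response)
    if kind == "server_hello":
        return value in RSA_KX_SUITES
    if kind == "alert":
        return False
    return None


def make_server_hello(suite_id):
    """Constructed TLS 1.2 ServerHello record (no real server) for exercising the parser offline."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite_id) + b"\x00"
    hs = _hs_header(SERVER_HELLO, body)
    return bytes([HANDSHAKE, 0x03, 0x03]) + struct.pack("!H", len(hs)) + hs


def probe(host, port=443, timeout=5.0):
    """Send the RSA-only ClientHello to a live endpoint and classify its reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello(host))
        return rsa_kx_enabled(sock.recv(4096))


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "vip.example.test"  # assumed virtual server name
    print(f"{target}: RSA key exchange enabled = {probe(target)}")
```

A result of False means the server refused every RSA key-exchange suite and is not reachable by this attack through the RSA key exchange; True means RSA key exchange is enabled and the fixed versions or the mitigation in K21905460 apply. Removing RSA key exchange from the Client SSL profile's cipher string (BIG-IP uses OpenSSL-style cipher syntax, where `!RSA` excludes RSA key-exchange suites, so a string such as `DEFAULT:!RSA`) removes the precondition; confirm the exact mitigation wording against K21905460 for the version in use.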
Affected
36 ranges in source; the first 25 are shown, with duplicate rows collapsed. Fixed-in versions per the description: 11.6.2 HF1, 12.1.2 HF2, 13.0.0 HF3.
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_aam | — | — |
| f5 | big-ip_afm | — | — |
| f5 | big-ip_afm | 11.6.0 – 11.6.2 | — |
| f5 | big-ip_afm | 12.0.0 – 12.1.2 | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_analytics | 11.6.0 – 11.6.2 | — |
| f5 | big-ip_analytics | 12.0.0 – 12.1.2 | — |
| f5 | big-ip_apm | — | — |
| f5 | big-ip_apm | 11.6.0 – 11.6.2 | — |
| f5 | big-ip_apm | 12.0.0 – 12.1.2 | — |
| f5 | big-ip_application_acceleration_manager | — | — |
| f5 | big-ip_application_acceleration_manager | 11.6.0 – 11.6.2 | — |
| f5 | big-ip_application_acceleration_manager | 12.0.0 – 12.1.2 | — |
| f5 | big-ip_asm | — | — |
| f5 | big-ip_asm | 11.6.0 – 11.6.2 | — |
| f5 | big-ip_asm | 12.0.0 – 12.1.2 | — |
| f5 | big-ip_link_controller | — | — |
| f5 | big-ip_link_controller | 11.6.0 – 11.6.2 | — |
| f5 | big-ip_link_controller | 12.0.0 – 12.1.2 | — |
| f5 | big-ip_ltm | — | — |
GHSA
GHSA-j523-gf5p-f8pm (unreviewed, 2022-05-13): CVE-2017-6168, severity HIGH, CWE-203. The advisory text is identical to the NVD description above.
F5
Vendor advisory (f5, 2017-11-17, CVSS 7.4): CVE-2017-6168, severity HIGH, CWE-203. The advisory text is identical to the NVD description above.
Affected products: BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Link Controller, BIG-IP LTM, BIG-IP PEM, WebSafe
Affected versions: 11.6.0 - 11.6.2; 11.6.2; 12.0.0 - 12.1.2; 13.0.0
F5 advisory article: K21905460
References
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/101901
http://www.securitytracker.com/id/1039839
https://robotattack.org/
https://support.f5.com/csp/article/K21905460
https://www.kb.cert.org/vuls/id/144389
Published: 2017-11-17