CVE-2017-6168

CWE-2034 documents4 sources
Severity
7.4HIGH
EPSS
75.9%
top 1.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
F5 Big-ip AFMF5 Big-ip AnalyticsF5 Big-ip APM+6 more
Timeline
PublishedNov 17
Latest updateMay 13

Description

On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages9 packages

NVDf5/websafe12.0.012.1.2+2
NVDf5/big-ip_afm11.6.011.6.2+2
NVDf5/big-ip_apm11.6.011.6.2+2
NVDf5/big-ip_asm11.6.011.6.2+2
NVDf5/big-ip_ltm11.6.011.6.2+2

🔴Vulnerability Details

2
GHSA
GHSA-j523-gf5p-f8pm: On BIG-IP versions 112022-05-13
CVEList
CVE-2017-6168: On BIG-IP versions 112017-11-17

📋Vendor Advisories

1
F5
CVE-2017-6168: On BIG-IP versions 112017-11-17