Remote Code Execution Vulnerability in F5 SSL Intercept iApp
CVE-2017-0305

9.8CRITICAL

Key Information:

Vendor: F5 Networks
Status: Ssl Intercept Iapp Version
Vendor: CVE Published:; 6 April 2017

🔔 Create F5 Networks Vulnerability Alert

What is CVE-2017-0305?

The F5 SSL Intercept iApp versions 1.5.0 to 1.5.7 are susceptible to an unauthenticated remote exploit that can allow attackers to alter the BIG-IP system configuration, retrieve sensitive files from the system, and potentially execute commands remotely. This vulnerability is particularly critical when the Explicit Proxy feature is utilized alongside the SNAT Auto Map option for managing egress traffic. Organizations using these configurations should take immediate action to mitigate potential threats.

Affected Version(s)

SSL Intercept iApp version 1.5.0 - 1.5.7

References

https://support.f5.com/csp/article/K53244431

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 6, 2017
Vulnerability Reserved
Nov 9, 2016