Denial-of-Service Vulnerability in F5 BIG-IP and Associated Products
CVE-2017-6128

7.5 HIGH

Summary

An attacker may be able to exploit the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow to cause a denial-of-service condition. This could disrupt the affected systems and render their services unavailable. Organizations using these F5 products should review their configurations and apply the necessary patches or mitigations.

Affected Version(s)

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe: varies depending on product; see https://support.f5.com/csp/article/K92140924 for table

BIG-IQ Cloud, Device, Security, ADC, Centralized Management, Cloud and Orchestration: varies depending on product; see https://support.f5.com/csp/article/K92140924 for table

Enterprise Manager: varies depending on product; see https://support.f5.com/csp/article/K92140924 for table

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
