Denial-of-Service Vulnerability in F5 BIG-IP and Associated Products
CVE-2017-6128

7.5HIGH

Key Information:

Vendor
F5
Status
Big-ip Ltm, Aam, Afm, Analytics, Apm, Asm, Edge Gateway, Gtm, Link Controller, Pem, Psm, Webaccelerator, Websafe
Enterprise Manager
Big-iq Cloud, Device, Security, Adc, Centralized Management, Cloud And Orchestration
Iworkflow
Vendor
CVE Published:
1 May 2017

Summary

The vulnerability allows an attacker to potentially exploit the sshd component within F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow, leading to denial-of-service conditions. This could disrupt the functionality of the affected systems, rendering services unavailable. Organizations using these F5 products should evaluate their configurations and apply necessary patches or mitigations to protect against potential exploit scenarios highlighted in recent security advisories.

Affected Version(s)

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe varies depending on product - see https://support.f5.com/csp/article/K92140924 for table

BIG-IQ Cloud, Device, Security, ADC, Centralized Management, Cloud and Orchestration varies depending on product - see https://support.f5.com/csp/article/K92140924 for table

Enterprise Manager varies depending on product - see https://support.f5.com/csp/article/K92140924 for table

References

http://www.securitytracker.com/id/1038363
vdb-entryx_refsource_SECTRACK
https://support.f5.com/csp/article/K92140924
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038362
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.