Race Condition Vulnerability in F5 BIG-IP Products by F5 Networks
CVE-2017-6167

7.5 HIGH

Summary

A race condition vulnerability in the iControl REST API of F5 BIG-IP software versions 13.0.0 and 12.1.0 to 12.1.2 may allow attackers to execute commands with elevated privilege levels. This flaw may be leveraged to compromise the security posture of affected systems, potentially leading to unauthorized actions within the network environment. Organizations using these versions should assess their exposure and implement available security patches.

Affected Version(s)

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe 13.0.0

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe 12.1.0 - 12.1.2

CVSS V3.1

  • Score: 7.5
  • Severity: HIGH
  • Confidentiality: High
  • Integrity: High
  • Availability: High
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
