Race Condition Vulnerability in F5 BIG-IP Products by F5 Networks
CVE-2017-6167

7.5HIGH

Key Information:

Vendor: F5
Status: Big-ip Ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Link Controller, Pem, Websafe
Vendor: CVE Published:; 21 December 2017

What is CVE-2017-6167?

A race condition vulnerability in the iControl REST API of F5 BIG-IP software versions 13.0.0 and 12.1.0 to 12.1.2 may allow attackers to execute commands with elevated privilege levels. This flaw may be leveraged to compromise the security posture of affected systems, potentially leading to unauthorized actions within the network environment. Organizations using these versions should assess their exposure and implement available security patches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe 13.0.0

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe 12.1.0 - 12.1.2

References

https://support.f5.com/csp/article/K24465120

x_refsource_CONFIRM

http://www.securitytracker.com/id/1040053

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 21, 2017
Vulnerability Reserved
Feb 21, 2017

JSON

F5

What is CVE-2017-6167?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.