Search criteria
42 vulnerabilities found for big-ip_dns by f5
FKIE_CVE-2017-6150
Vulnerability from fkie_nvd - Published: 2018-03-01 16:29 - Updated: 2024-11-21 03:29
Severity ?
Summary
Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://www.securityfocus.com/bid/103235 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K62712037 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103235 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K62712037 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | 13.0.0 | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | 13.0.0 | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | 13.0.0 | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | 13.0.0 | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | 13.0.0 | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | 13.0.0 | |
| f5 | big-ip_dns | * | |
| f5 | big-ip_dns | 13.0.0 | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | 13.0.0 | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | 13.0.0 | |
| f5 | big-ip_websafe | * | |
| f5 | big-ip_websafe | 13.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3E8BFC-B1CF-4685-BC18-D991DAFE5D03",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74CDA31-23E8-4AB9-9D52-3107185379CF",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34C598BD-EA65-411F-8D2E-BB0C10700B7E",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "367A6C6C-8FEC-4040-B199-B5E76B7DB81E",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B2C21C8-E666-4240-80B1-C0184A601524",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65C12F1-E3E5-4473-A48D-47941A159ED5",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CAD89E-DE40-4EC8-B7D4-B0BF809D906F",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93674162-3A63-4F05-B68F-B7D54B0AAE98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6B9E75-3DC4-479A-8031-7CA01A682116",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2487AD7-F334-4BDF-A7E5-2217608A0016",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76C8BE66-5528-468B-8C07-804E34D9B66A",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM)."
},
{
"lang": "es",
"value": "Bajo ciertas condiciones para los sistemas F5 BIG-IP 13.0.0 o 12.1.0 - 12.1.3.1 que emplean perfiles FastL4, cuando la opci\u00f3n Reassemble IP Fragments est\u00e1 deshabilitada (por defecto), algunos paquetes grandes fragmentados podr\u00edan reiniciar el TMM (Traffic Management Microkernel)."
}
],
"id": "CVE-2017-6150",
"lastModified": "2024-11-21T03:29:08.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-01T16:29:00.230",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103235"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K62712037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K62712037"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-5500
Vulnerability from fkie_nvd - Published: 2018-03-01 16:29 - Updated: 2024-11-21 04:08
Severity ?
Summary
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://www.securityfocus.com/bid/103217 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K33211839 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103217 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K33211839 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "597AB2D4-B0E0-4437-9298-C9FC2E34247E",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3E8BFC-B1CF-4685-BC18-D991DAFE5D03",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ECBB647-0E28-4A45-8E49-A02C4974B6A9",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B74CDA31-23E8-4AB9-9D52-3107185379CF",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C838ECE-BCC6-4D71-A36B-CF053A95BD5C",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34C598BD-EA65-411F-8D2E-BB0C10700B7E",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8F37A2F-1205-4726-8C84-49E555FB3524",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "367A6C6C-8FEC-4040-B199-B5E76B7DB81E",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB3F5D-E82B-4B0F-9EF2-0CC7CCCE3E2F",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B2C21C8-E666-4240-80B1-C0184A601524",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE301F2-BF84-4B0D-BD32-F58899A93106",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F65C12F1-E3E5-4473-A48D-47941A159ED5",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84E884F6-4799-4CCE-9ECC-368FD5C1F5C7",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6CAD89E-DE40-4EC8-B7D4-B0BF809D906F",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93674162-3A63-4F05-B68F-B7D54B0AAE98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9984B71A-89EA-4E5E-8E4D-1EA3D06F003F",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6B9E75-3DC4-479A-8031-7CA01A682116",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC5F967-BD7E-4B43-BB24-07B66A7006D9",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2487AD7-F334-4BDF-A7E5-2217608A0016",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F2D318-6CE1-471C-AF57-8D790000962C",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "76C8BE66-5528-468B-8C07-804E34D9B66A",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "730BC966-10B2-4A2E-BF12-EC4DE70DE968",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0B11AC1-E658-47F4-93E0-495190398A5C",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3374BE-6A37-48B5-83D4-D61558A8433E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B848B902-CF3B-4534-823C-4343EAE98A2A",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "75CF4931-4586-4843-B9DB-D6C2E37C6571",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3914B25C-4E86-4C00-A199-4C9A99BA2EC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "725BAE35-A9A3-4AEF-BAC1-18D445D241D5",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69ED882C-C20B-42D4-9F30-693BD3059307",
"versionEndIncluding": "12.1.3.1",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E703FAB-BFCD-47A1-94BD-DD63879DE883",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue."
},
{
"lang": "es",
"value": "En sistemas F5 BIG-IP que ejecutan las versiones 13.0.0, 12.1.0 - 12.1.3.1 o 11.6.1 - 11.6.2, cada conexi\u00f3n Multipath TCP (MCTCP) que se establece filtra una peque\u00f1a cantidad de memoria. Los servidores virtuales que emplean el perfil TCP con la caracter\u00edstica Multipath TCP (MCTCP) habilitada se ver\u00e1n afectados por este problema."
}
],
"id": "CVE-2018-5500",
"lastModified": "2024-11-21T04:08:55.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-01T16:29:00.337",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103217"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K33211839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K33211839"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-5501
Vulnerability from fkie_nvd - Published: 2018-03-01 16:29 - Updated: 2024-11-21 04:08
Severity ?
Summary
In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://www.securityfocus.com/bid/103211 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K44200194 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103211 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K44200194 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4663779D-B659-487D-813A-1A4E0F92D231",
"versionEndIncluding": "11.5.4",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "597AB2D4-B0E0-4437-9298-C9FC2E34247E",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD4DFE3-9071-4808-AE24-2CCA5DB5BA80",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9EA336A-8055-4DA8-8F79-07C4ADE83E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACEB01A3-7240-4A9F-9E76-A28BAC82161D",
"versionEndIncluding": "11.5.4",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ECBB647-0E28-4A45-8E49-A02C4974B6A9",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D00EED-F95D-4458-BDC4-3390DE85348B",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05EAC483-AD5B-41C2-98F1-A186E2DCB04E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89AADD07-A4FE-4BD9-8D36-7E6AC6D9ACD3",
"versionEndIncluding": "11.5.4",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C838ECE-BCC6-4D71-A36B-CF053A95BD5C",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5011C2D-FBB5-4117-BB97-11DE70117345",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FDC1C0F-A00A-456C-AB51-CD139B15CB61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6D6D4C8D-26C0-4636-8B3A-6A8D3FF9EFCD",
"versionEndIncluding": "11.5.4",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8F37A2F-1205-4726-8C84-49E555FB3524",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79344F94-2CB8-4F08-9373-61614A38476C",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "867B2CA9-DAE5-4070-B8E6-F624C59F5054",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B4B2EF2-2D4E-4EF6-B005-8EB318EA87DD",
"versionEndIncluding": "11.5.4",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2DEB3F5D-E82B-4B0F-9EF2-0CC7CCCE3E2F",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BB42D3A-71EE-4367-9F65-86404D74E59D",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB630A86-FB84-4199-9E4D-38EB620806CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CCE70E9-B646-49CF-B530-560B2D446241",
"versionEndIncluding": "11.5.4",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BE301F2-BF84-4B0D-BD32-F58899A93106",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "397AC4A5-B67C-483B-84F7-8CB294BB460C",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A635FEC4-4F52-4971-A67D-47E68108E4F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1E8E16CA-ED64-4616-A28E-0EA7D5E3A901",
"versionEndIncluding": "11.5.4",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84E884F6-4799-4CCE-9ECC-368FD5C1F5C7",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF76753-AE8C-40F1-BD1D-71F679AB467E",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D2D7449-7C4E-4F20-897A-4792160FA5D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93674162-3A63-4F05-B68F-B7D54B0AAE98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C7092498-F7E8-4D65-AC09-76C448A78811",
"versionEndIncluding": "11.5.4",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9984B71A-89EA-4E5E-8E4D-1EA3D06F003F",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60189636-02D6-44CA-BE2A-7777E3C409CD",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD53088-3BD4-4AF9-8934-4905231A75E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0EBB0AF-3BD2-4BE4-B6AB-5E054A0A5309",
"versionEndIncluding": "11.5.4",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC5F967-BD7E-4B43-BB24-07B66A7006D9",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD75094-3248-4D37-969E-75272F6F31D6",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D964BBB4-B343-43C6-A7A1-39BD9E1EEA16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF56E55-0332-4FA4-8377-C6F3B1BDE012",
"versionEndIncluding": "11.5.4",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C2F2D318-6CE1-471C-AF57-8D790000962C",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "937055BD-53FC-4D8E-B965-D676AA5ABA4C",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD9136F-100A-4747-84B7-33D6D8905DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5001D508-122D-4C60-BD54-EF184CA1B933",
"versionEndIncluding": "11.5.4",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "730BC966-10B2-4A2E-BF12-EC4DE70DE968",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A11E433-943D-4D92-B45E-3FA268094278",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3136A8D1-3D0D-46B3-9A3A-737074864F1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3374BE-6A37-48B5-83D4-D61558A8433E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B54AD8F2-80A8-4023-B301-B89CC43E53C6",
"versionEndIncluding": "11.5.4",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B848B902-CF3B-4534-823C-4343EAE98A2A",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57CCB85A-6F90-4DB7-B0F8-AE5250E1DCFE",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "84452450-77FA-4708-9C86-5464D541C8ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3914B25C-4E86-4C00-A199-4C9A99BA2EC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB24325-5EA0-4D6B-980F-140FF1BBE8DC",
"versionEndIncluding": "11.5.4",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "725BAE35-A9A3-4AEF-BAC1-18D445D241D5",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7860523-E8B3-4BEE-853A-6F0B5BCDDA5A",
"versionEndIncluding": "12.1.3",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7FCC81-2F1D-4EF5-956B-085FB7FEFAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E703FAB-BFCD-47A1-94BD-DD63879DE883",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control."
},
{
"lang": "es",
"value": "En algunas circunstancias, en sistemas F5 BIG-IP que ejecutan 13.0.0, 12.1.0 - 12.1.3.1, cualquier versi\u00f3n 11.6.x o 11.5.x o 11.2.1, el perfil TCP DNS permite el buffering excesivo debido a la falta de control de flujo."
}
],
"id": "CVE-2018-5501",
"lastModified": "2024-11-21T04:08:55.750",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-01T16:29:00.400",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103211"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K44200194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K44200194"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-6135
Vulnerability from fkie_nvd - Published: 2017-12-21 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://www.securitytracker.com/id/1040050 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K43322910 | Issue Tracking, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040050 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K43322910 | Issue Tracking, Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | big-ip_local_traffic_manager | 13.0.0 | |
| f5 | big-ip_application_acceleration_manager | 13.0.0 | |
| f5 | big-ip_advanced_firewall_manager | 13.0.0 | |
| f5 | big-ip_analytics | 13.0.0 | |
| f5 | big-ip_access_policy_manager | 13.0.0 | |
| f5 | big-ip_application_security_manager | 13.0.0 | |
| f5 | big-ip_dns | 13.0.0 | |
| f5 | big-ip_global_traffic_manager | 13.0.0 | |
| f5 | big-ip_link_controller | 13.0.0 | |
| f5 | big-ip_policy_enforcement_manager | 13.0.0 | |
| f5 | big-ip_websafe | 13.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93674162-3A63-4F05-B68F-B7D54B0AAE98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3914B25C-4E86-4C00-A199-4C9A99BA2EC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions."
},
{
"lang": "es",
"value": "En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y WebSafe en su versi\u00f3n 13.0.0, una fuga de memoria lenta producida por paquetes IPv4 e IPv6 no revelados enviados al puerto de gesti\u00f3n de BIG-IP o a sus propias direcciones IP puede provocar condiciones de agotamiento de memoria."
}
],
"id": "CVE-2017-6135",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-21T17:29:00.450",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040050"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K43322910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K43322910"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-772"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-6138
Vulnerability from fkie_nvd - Published: 2017-12-21 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://www.securitytracker.com/id/1040051 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K34514540 | Issue Tracking, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040051 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K34514540 | Issue Tracking, Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | 13.0.0 | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | 13.0.0 | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | 13.0.0 | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | 13.0.0 | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | 13.0.0 | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | 13.0.0 | |
| f5 | big-ip_dns | * | |
| f5 | big-ip_dns | 13.0.0 | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | 13.0.0 | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | 13.0.0 | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | 13.0.0 | |
| f5 | big-ip_websafe | * | |
| f5 | big-ip_websafe | 13.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48AEF668-8ABE-4A09-B45B-AB30B7A6464B",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CAB3D2D-F589-41AB-A68A-8AFA8760E394",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C3362F-1251-4E7B-B8CB-BBE7344A915E",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E33F47-378B-4077-AA3E-6EBED04D3609",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A76187-6118-4A9D-9F7C-0C9D3931BF42",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE82B01E-278D-40DB-9CD5-D69F863A97CD",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D90D84D6-E4EF-4686-A7D9-52FF577251D8",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93674162-3A63-4F05-B68F-B7D54B0AAE98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "528457E0-A8CA-454B-AC01-C55630E2FA49",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3914B25C-4E86-4C00-A199-4C9A99BA2EC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE206C-8F30-4C1A-9823-BAF2052EF065",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91F8E790-6C3C-476D-B403-4F13CEF0BA7A",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B5CC4A-32F1-474A-A89B-A6C7E56513D7",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default \"normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies."
},
{
"lang": "es",
"value": "En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y WebSafe, en versiones de software 13.0.0 y de la 12.1.0 a la 12.1.2, las peticiones maliciosas enviadas al servidor virtual con un perfil HTTP puede provocar que el TMM se reinicie. El problema est\u00e1 presente en perfiles BIG-IP APM, independientemente de su configuraci\u00f3n. Este problema tambi\u00e9n est\u00e1 presente en las opciones de configuraci\u00f3n \"normalize URI\" utilizadas en las pol\u00edticas BIG-IP LTM y/o iRules."
}
],
"id": "CVE-2017-6138",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-21T17:29:00.527",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040051"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K34514540"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040051"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K34514540"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-6133
Vulnerability from fkie_nvd - Published: 2017-12-21 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://www.securityfocus.com/bid/102467 | ||
| f5sirt@f5.com | http://www.securitytracker.com/id/1040048 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K25033460 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102467 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040048 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K25033460 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | 13.0.0 | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | 13.0.0 | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | 13.0.0 | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | 13.0.0 | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | 13.0.0 | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | 13.0.0 | |
| f5 | big-ip_dns | * | |
| f5 | big-ip_dns | 13.0.0 | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | 13.0.0 | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | 13.0.0 | |
| f5 | big-ip_websafe | * | |
| f5 | big-ip_websafe | 13.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48AEF668-8ABE-4A09-B45B-AB30B7A6464B",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CAB3D2D-F589-41AB-A68A-8AFA8760E394",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C3362F-1251-4E7B-B8CB-BBE7344A915E",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E33F47-378B-4077-AA3E-6EBED04D3609",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A76187-6118-4A9D-9F7C-0C9D3931BF42",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE82B01E-278D-40DB-9CD5-D69F863A97CD",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D90D84D6-E4EF-4686-A7D9-52FF577251D8",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93674162-3A63-4F05-B68F-B7D54B0AAE98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE206C-8F30-4C1A-9823-BAF2052EF065",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91F8E790-6C3C-476D-B403-4F13CEF0BA7A",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B5CC4A-32F1-474A-A89B-A6C7E56513D7",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, undisclosed HTTP requests may cause a denial of service."
},
{
"lang": "es",
"value": "En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM y WebSafe, en versiones 13.0.0 y de la 12.1.0 a la 12.1.2, las peticiones HTTP no reveladas podr\u00edan provocar una denegaci\u00f3n de servicio (DoS)."
}
],
"id": "CVE-2017-6133",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-21T17:29:00.370",
"references": [
{
"source": "f5sirt@f5.com",
"url": "http://www.securityfocus.com/bid/102467"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040048"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K25033460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/102467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K25033460"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-6167
Vulnerability from fkie_nvd - Published: 2017-12-21 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://www.securitytracker.com/id/1040053 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K24465120 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040053 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K24465120 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | 13.0.0 | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | 13.0.0 | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | 13.0.0 | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | 13.0.0 | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | 13.0.0 | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | 13.0.0 | |
| f5 | big-ip_dns | * | |
| f5 | big-ip_dns | 13.0.0 | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | 13.0.0 | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | 13.0.0 | |
| f5 | big-ip_websafe | * | |
| f5 | big-ip_websafe | 13.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48AEF668-8ABE-4A09-B45B-AB30B7A6464B",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CAB3D2D-F589-41AB-A68A-8AFA8760E394",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C3362F-1251-4E7B-B8CB-BBE7344A915E",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E33F47-378B-4077-AA3E-6EBED04D3609",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A76187-6118-4A9D-9F7C-0C9D3931BF42",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE82B01E-278D-40DB-9CD5-D69F863A97CD",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D90D84D6-E4EF-4686-A7D9-52FF577251D8",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93674162-3A63-4F05-B68F-B7D54B0AAE98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE206C-8F30-4C1A-9823-BAF2052EF065",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91F8E790-6C3C-476D-B403-4F13CEF0BA7A",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B5CC4A-32F1-474A-A89B-A6C7E56513D7",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected."
},
{
"lang": "es",
"value": "En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM y WebSafe, en versiones 13.0.0 y de la 12.1.0 a la 12.1.2, las condiciones de carrera en iControl REST pueden conducir a la ejecuci\u00f3n de comandos con niveles de privilegios diferentes a los esperados."
}
],
"id": "CVE-2017-6167",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-21T17:29:00.717",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040053"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K24465120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K24465120"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-6140
Vulnerability from fkie_nvd - Published: 2017-12-21 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://www.securitytracker.com/id/1040042 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K55102452 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040042 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K55102452 | Issue Tracking, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D27D4A-BD5C-4FA9-AA72-F7956298DE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12F86EB5-D581-4103-A802-44D968BA8D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "36F383ED-8CB5-400D-BFDB-BD5B8CD8C7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6203A11-82C3-4ABA-94E9-085BFF1A0E4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "06224D59-35F8-4168-80C5-CF5B17E99050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF5A5F6-4BA3-4276-8679-B5560EACF2E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2B502F2-404C-463B-B6BE-87489DC881F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A82C7B1C-E195-4D94-B604-78FB464C4F81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F6C3144-D0DE-4248-BFCD-04A7E6104044",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0357B5ED-0600-4756-93E5-692987068596",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:f5:big-ip_2000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB09D38C-6314-48DF-82DB-68ED2AA2A87F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_2200s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE3D3C8-2B7C-4336-A237-7022949B3883",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A481AA79-5A01-4051-9F3D-ACC203CC9398",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4200v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FDCC56-7608-4856-8945-3D06155150AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F768A343-E31B-4A0B-A1CE-B884BCF8DE96",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25711D89-A9A6-41E8-8DAB-FBFA9CADB69B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D848D43B-F994-45CF-AA53-ED0D4ACEDE8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C46A4D-3773-4EB4-B397-D02694FC65BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "842E7F16-4CB8-450F-BF18-829BAEFAF6CC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7569487-6D88-46CC-9B70-59D56DB0CE35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:viprion_4450_blades:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4ADE44-5E90-411D-B11F-941B1122B9CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3D8A24-0B8D-432B-8F06-D0E1642E7C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A4489382-0668-4CFB-BA89-D54762937CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9850D0AA-B173-47B2-9B69-75E6D1FAF490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "281D0B5B-27DF-4E8A-AFC9-D09468F8ECDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40994EB4-4D31-4697-964D-1F0B09864DF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B40837-EC2B-41FB-ACC3-806054EAF28C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48BE0210-7058-462A-BA17-845D3E4F52FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA2FA6B-3930-432F-8FB5-E73604CEFE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA90FB8-E2CD-400F-B753-1B482E7FAC96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEC804B-35DB-4A0C-9AEA-15527E0CC1B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB228A9-0C01-4531-B2B2-38BB7B0E02E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:f5:big-ip_2000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB09D38C-6314-48DF-82DB-68ED2AA2A87F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_2200s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE3D3C8-2B7C-4336-A237-7022949B3883",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A481AA79-5A01-4051-9F3D-ACC203CC9398",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4200v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FDCC56-7608-4856-8945-3D06155150AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F768A343-E31B-4A0B-A1CE-B884BCF8DE96",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25711D89-A9A6-41E8-8DAB-FBFA9CADB69B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D848D43B-F994-45CF-AA53-ED0D4ACEDE8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C46A4D-3773-4EB4-B397-D02694FC65BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "842E7F16-4CB8-450F-BF18-829BAEFAF6CC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7569487-6D88-46CC-9B70-59D56DB0CE35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:viprion_4450_blades:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4ADE44-5E90-411D-B11F-941B1122B9CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3755740D-F1DC-4910-ADDD-9D491515201C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA244A7D-F65D-4114-81C8-CE811959EA10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA9F72C-8344-4370-B511-31BEC8BA63E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96CF015E-C74B-4215-9103-8087BC1D12AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CFE4DB00-433D-414A-A1CE-E507B9BB809B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B276E4DF-69FC-4158-B93A-781A45605034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CBAB92C5-2D50-49CC-AECA-0D16BC44A788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "532AAF54-64EF-4852-B4F1-D5E660463704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC827031-CA39-4081-8CE0-30EAC78DF756",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7569903B-3A15-4A10-863B-6828337DD268",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "45825991-D17D-42F1-87B4-7DF86B098B45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:f5:big-ip_2000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB09D38C-6314-48DF-82DB-68ED2AA2A87F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_2200s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE3D3C8-2B7C-4336-A237-7022949B3883",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A481AA79-5A01-4051-9F3D-ACC203CC9398",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4200v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FDCC56-7608-4856-8945-3D06155150AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F768A343-E31B-4A0B-A1CE-B884BCF8DE96",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25711D89-A9A6-41E8-8DAB-FBFA9CADB69B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D848D43B-F994-45CF-AA53-ED0D4ACEDE8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C46A4D-3773-4EB4-B397-D02694FC65BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "842E7F16-4CB8-450F-BF18-829BAEFAF6CC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7569487-6D88-46CC-9B70-59D56DB0CE35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:viprion_4450_blades:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4ADE44-5E90-411D-B11F-941B1122B9CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D226F1-6513-4233-BE20-58D7AB24978F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B33B2082-E040-4799-A260-BA687ED8614E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A85766A4-2181-4719-ADCF-4FEA0031DB80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E93EE3-DB73-468E-87CA-4D277F283648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB01A61-1924-417F-8A75-9FDF8F14F754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B70D2BD5-8E3F-4B57-84EF-3AF40F6378F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A065BC0-56BD-4665-A860-EBA37F1A4D8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0EDB8E9-E6FB-406E-B1D3-C620F114804C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "77192AFB-B612-4BAA-916C-3DF8E851CC2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE295AF6-2B35-467F-8501-B5753CDDE16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:12.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C03B68-914F-4DB0-A832-B626B8746524",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:f5:big-ip_2000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB09D38C-6314-48DF-82DB-68ED2AA2A87F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_2200s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE3D3C8-2B7C-4336-A237-7022949B3883",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A481AA79-5A01-4051-9F3D-ACC203CC9398",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4200v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FDCC56-7608-4856-8945-3D06155150AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F768A343-E31B-4A0B-A1CE-B884BCF8DE96",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25711D89-A9A6-41E8-8DAB-FBFA9CADB69B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D848D43B-F994-45CF-AA53-ED0D4ACEDE8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C46A4D-3773-4EB4-B397-D02694FC65BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "842E7F16-4CB8-450F-BF18-829BAEFAF6CC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7569487-6D88-46CC-9B70-59D56DB0CE35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:viprion_4450_blades:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4ADE44-5E90-411D-B11F-941B1122B9CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD2C1D2-103E-4B0F-84AA-999F01E695F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "855E91A4-0A0C-4E5C-8019-FB513A793803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCCC2092-E109-4FF6-9B85-6C9434269851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8923BB93-96C1-417B-9172-4A81E731EBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "274E34BF-82A5-4D9E-BC72-202193A47A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "475F0EF8-42CB-4099-9C4A-390F946C4924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "94DBCD7A-E4DA-4C08-87A4-960CF53A83E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62B0A70A-D101-443E-A543-5EC35E23D66F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB2118A-0F9C-4273-BB07-85FEA32C785B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8541C9EF-69A8-4641-B173-3BCE0EDD20A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E24A3C71-0075-4738-B114-267337D050CD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:f5:big-ip_2000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB09D38C-6314-48DF-82DB-68ED2AA2A87F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_2200s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE3D3C8-2B7C-4336-A237-7022949B3883",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A481AA79-5A01-4051-9F3D-ACC203CC9398",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4200v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FDCC56-7608-4856-8945-3D06155150AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F768A343-E31B-4A0B-A1CE-B884BCF8DE96",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25711D89-A9A6-41E8-8DAB-FBFA9CADB69B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D848D43B-F994-45CF-AA53-ED0D4ACEDE8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C46A4D-3773-4EB4-B397-D02694FC65BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "842E7F16-4CB8-450F-BF18-829BAEFAF6CC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7569487-6D88-46CC-9B70-59D56DB0CE35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:viprion_4450_blades:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4ADE44-5E90-411D-B11F-941B1122B9CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E142B175-0E9D-4051-A6B1-FF9E7583DFBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B131043-3C02-47CE-8D1C-BB29A20113E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE4ACE8-1309-4631-9E34-A6032009B702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A70560C5-AEB5-4144-A0AA-10A63527B5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2CE884-45CD-4EB8-8568-B3AEAB017361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAEC7D0-4BE1-42EE-91CA-56204FEAD048",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "510C2966-F495-49BB-99D6-53468FD95832",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE97E4B1-88D7-4B3E-BEA3-0AD2A01347FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E3AE25-2F4F-4CE5-8842-E02346162D7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCC6CA6-2BE8-40D4-AC55-94AF8F5BEDF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:12.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "62FE0213-787C-49CB-96B8-EAC9DE0977EA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:f5:big-ip_2000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB09D38C-6314-48DF-82DB-68ED2AA2A87F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_2200s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE3D3C8-2B7C-4336-A237-7022949B3883",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A481AA79-5A01-4051-9F3D-ACC203CC9398",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4200v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FDCC56-7608-4856-8945-3D06155150AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F768A343-E31B-4A0B-A1CE-B884BCF8DE96",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25711D89-A9A6-41E8-8DAB-FBFA9CADB69B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D848D43B-F994-45CF-AA53-ED0D4ACEDE8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C46A4D-3773-4EB4-B397-D02694FC65BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "842E7F16-4CB8-450F-BF18-829BAEFAF6CC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7569487-6D88-46CC-9B70-59D56DB0CE35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:viprion_4450_blades:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4ADE44-5E90-411D-B11F-941B1122B9CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0594DBC5-8470-416C-A5EA-E04F5AB2C799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B50BF19F-71B4-47C0-A96E-6EB90FCC6AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3A3BA6-6F60-45CA-8F52-687B671B077A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "202B6870-718C-4F8D-9BAB-7ED6385BF2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6A3691-ADC4-44BC-8A11-D855B13EF128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7D7863D-B064-4D7A-A66B-C3D3523425FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "911BB6DB-B2D1-4855-A65C-F0799E034358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D161F9-D198-4DA0-BF95-19472A0495A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06E2C448-F279-476E-9F54-185582BEE9E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5943AAEF-A816-4F95-A91F-023A226D6459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "72E78A8D-6CB6-49F9-9288-9C2EEF41441A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:f5:big-ip_2000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB09D38C-6314-48DF-82DB-68ED2AA2A87F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_2200s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE3D3C8-2B7C-4336-A237-7022949B3883",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A481AA79-5A01-4051-9F3D-ACC203CC9398",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4200v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FDCC56-7608-4856-8945-3D06155150AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F768A343-E31B-4A0B-A1CE-B884BCF8DE96",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25711D89-A9A6-41E8-8DAB-FBFA9CADB69B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D848D43B-F994-45CF-AA53-ED0D4ACEDE8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C46A4D-3773-4EB4-B397-D02694FC65BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "842E7F16-4CB8-450F-BF18-829BAEFAF6CC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7569487-6D88-46CC-9B70-59D56DB0CE35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:viprion_4450_blades:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4ADE44-5E90-411D-B11F-941B1122B9CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6EA0C0-9C26-4A87-98F1-5B317D606ECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D379372-A226-4230-B1F3-04C696518BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22FAC35D-2803-49B0-9382-F14594B88FC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C72257B-FF99-4707-A0E3-316D538B1CF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "18CFA52E-F9D7-40C3-9DB5-CDD5767E1F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1EA4F45-35F7-4687-8D1A-A5ACD846500A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23FF9627-E561-4CF7-A685-6E33D2F6C98C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64273A2C-E5A1-4605-92DD-EBECC7F051D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E60CA151-1C3A-45B3-B939-E6F80063C595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "58BAD5A9-9C67-4056-9344-07C8C42C8E88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:f5:big-ip_2000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB09D38C-6314-48DF-82DB-68ED2AA2A87F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_2200s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE3D3C8-2B7C-4336-A237-7022949B3883",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4000s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A481AA79-5A01-4051-9F3D-ACC203CC9398",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_4200v:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FDCC56-7608-4856-8945-3D06155150AA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F768A343-E31B-4A0B-A1CE-B884BCF8DE96",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i10800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25711D89-A9A6-41E8-8DAB-FBFA9CADB69B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D848D43B-F994-45CF-AA53-ED0D4ACEDE8C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i5800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C46A4D-3773-4EB4-B397-D02694FC65BD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "842E7F16-4CB8-450F-BF18-829BAEFAF6CC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:big-ip_i7800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7569487-6D88-46CC-9B70-59D56DB0CE35",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:f5:viprion_4450_blades:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B4ADE44-5E90-411D-B11F-941B1122B9CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services."
},
{
"lang": "es",
"value": "En los productos BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800 y los blades VIPRION 4450 en versiones 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 o 12.1.2 de BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM o PEM, una secuencia de paquetes no revelada enviada a los servidores virtuales con perfiles SSL de cliente o servidor pueden hacer que se interrumpan los servicios de plano de datos."
}
],
"id": "CVE-2017-6140",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-21T17:29:00.607",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040042"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K55102452"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040042"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K55102452"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-6132
Vulnerability from fkie_nvd - Published: 2017-12-21 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://www.securityfocus.com/bid/102333 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | http://www.securitytracker.com/id/1040049 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K12044607 | Issue Tracking, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102333 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040049 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K12044607 | Issue Tracking, Mitigation, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A113DC2-B084-48C2-8ECF-F0281AC34246",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F5FF67-5D17-4760-AFDC-4234EC1E6306",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D27D4A-BD5C-4FA9-AA72-F7956298DE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12F86EB5-D581-4103-A802-44D968BA8D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "36F383ED-8CB5-400D-BFDB-BD5B8CD8C7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6203A11-82C3-4ABA-94E9-085BFF1A0E4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "06224D59-35F8-4168-80C5-CF5B17E99050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC4ECCE-9343-4462-872C-FA4860998B69",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E45CF5-C9E4-4AB9-A6D5-66F8336DDB79",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3D8A24-0B8D-432B-8F06-D0E1642E7C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A4489382-0668-4CFB-BA89-D54762937CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9850D0AA-B173-47B2-9B69-75E6D1FAF490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "281D0B5B-27DF-4E8A-AFC9-D09468F8ECDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40994EB4-4D31-4697-964D-1F0B09864DF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55D59D80-4DC5-4A84-BF42-A5AC2D39CC7A",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93212B86-21EA-4340-9149-E58F65285C15",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3755740D-F1DC-4910-ADDD-9D491515201C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA244A7D-F65D-4114-81C8-CE811959EA10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA9F72C-8344-4370-B511-31BEC8BA63E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96CF015E-C74B-4215-9103-8087BC1D12AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CFE4DB00-433D-414A-A1CE-E507B9BB809B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "857B3A62-F808-4CA9-BFAD-C133D94CF531",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25944BCA-3EEB-4396-AC8F-EF58834BC47E",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D226F1-6513-4233-BE20-58D7AB24978F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B33B2082-E040-4799-A260-BA687ED8614E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A85766A4-2181-4719-ADCF-4FEA0031DB80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E93EE3-DB73-468E-87CA-4D277F283648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB01A61-1924-417F-8A75-9FDF8F14F754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE31583-1329-468C-87C9-BBB8FB5132B9",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0ACC0695-E62E-4748-AA8A-46772EB8C83C",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C0312FC-8178-46DE-B4EE-00F2895073BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC6C5628-14FF-4D75-B62E-D4B2707C1E3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E574F6-34B6-45A6-911D-E5347DA22F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF94129-8779-4D68-8DD4-B828CA633746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BA2E88AA-0523-48D0-8664-6AFDBCB6C940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8FF324E-8533-403A-BEA9-617A28033CC8",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB146EF-CCAB-4194-9735-F8909E283308",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD2C1D2-103E-4B0F-84AA-999F01E695F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "855E91A4-0A0C-4E5C-8019-FB513A793803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCCC2092-E109-4FF6-9B85-6C9434269851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8923BB93-96C1-417B-9172-4A81E731EBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "274E34BF-82A5-4D9E-BC72-202193A47A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E097889C-175C-40A6-9DCF-2C03981D9349",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B9912B-31F0-4265-8D61-0E6D46DA33DB",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E142B175-0E9D-4051-A6B1-FF9E7583DFBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B131043-3C02-47CE-8D1C-BB29A20113E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE4ACE8-1309-4631-9E34-A6032009B702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A70560C5-AEB5-4144-A0AA-10A63527B5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2CE884-45CD-4EB8-8568-B3AEAB017361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93674162-3A63-4F05-B68F-B7D54B0AAE98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80E2E5FE-217F-4267-AEB9-719E376D2FB0",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF737FD-7706-4536-912A-C22E0B2FE3C4",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0594DBC5-8470-416C-A5EA-E04F5AB2C799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B50BF19F-71B4-47C0-A96E-6EB90FCC6AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3A3BA6-6F60-45CA-8F52-687B671B077A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "202B6870-718C-4F8D-9BAB-7ED6385BF2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6A3691-ADC4-44BC-8A11-D855B13EF128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3914B25C-4E86-4C00-A199-4C9A99BA2EC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48D3CF2B-1D30-461B-836D-A16EAA15F5BC",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A5CD9B-D257-4EC9-8C57-D9552C2FFFFC",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13E6D2CA-CC4F-4317-A842-4DF0693B0CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB017D7A-3290-4EF5-9647-B488771A5F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F316C54-FAE4-48D8-9E40-ED358C30BF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0F5FD3-45E7-4D55-A3AC-6572FC0682D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAC4C7-AB42-4BBD-98B5-0AE8B032CCC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5AB7A86-4C18-4FCA-90A0-BA9116FF31C3",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE77CCE-7F97-48EA-A9D3-090B1481616F",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6EA0C0-9C26-4A87-98F1-5B317D606ECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D379372-A226-4230-B1F3-04C696518BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22FAC35D-2803-49B0-9382-F14594B88FC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C72257B-FF99-4707-A0E3-316D538B1CF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "18CFA52E-F9D7-40C3-9DB5-CDD5767E1F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8552AED4-DC7B-4DA1-AD49-9AD856A69DC1",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57010E5E-5940-4DDA-AD56-D646D54084AA",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B45F50EB-D059-4251-AF03-DEC2F306C74C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50A13328-66C1-4D9D-8E46-754401D5F457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E94FCC0F-5505-4123-B3FA-ACB90DDE276E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22A30CF4-7D0D-46A6-A2F4-8DC0C1AA4480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "38245250-AE45-456F-9C40-A073AED930C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart."
},
{
"lang": "es",
"value": "En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y Websafe, en versiones de software 13.0.0, de la 12.0.0 a la 12.1.2, de la 11.6.0 a la 11.6.1 y de la 11.5.0 a la 11.5.4, una secuencia no revelada de paquetes enviada a los mirror listeners de estado de BIG-IP High Availability (IP primaria y/o secundaria) podr\u00eda hacer que se reinicie TMM."
}
],
"id": "CVE-2017-6132",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-21T17:29:00.323",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102333"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040049"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K12044607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102333"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040049"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K12044607"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-6151
Vulnerability from fkie_nvd - Published: 2017-12-21 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the "HTTP/2 profile" may result in a disruption of service to TMM.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://www.securitytracker.com/id/1040052 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K07369970 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040052 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K07369970 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | big-ip_local_traffic_manager | 13.0.0 | |
| f5 | big-ip_application_acceleration_manager | 13.0.0 | |
| f5 | big-ip_advanced_firewall_manager | 13.0.0 | |
| f5 | big-ip_analytics | 13.0.0 | |
| f5 | big-ip_access_policy_manager | 13.0.0 | |
| f5 | big-ip_application_security_manager | 13.0.0 | |
| f5 | big-ip_dns | 13.0.0 | |
| f5 | big-ip_global_traffic_manager | 13.0.0 | |
| f5 | big-ip_link_controller | 13.0.0 | |
| f5 | big-ip_policy_enforcement_manager | 13.0.0 | |
| f5 | big-ip_websafe | 13.0.0 | |
| f5 | big-ip_edge_gateway | 13.0.0 | |
| f5 | big-ip_webaccelerator | 13.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93674162-3A63-4F05-B68F-B7D54B0AAE98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3914B25C-4E86-4C00-A199-4C9A99BA2EC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3374BE-6A37-48B5-83D4-D61558A8433E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E703FAB-BFCD-47A1-94BD-DD63879DE883",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the \"HTTP/2 profile\" may result in a disruption of service to TMM."
},
{
"lang": "es",
"value": "En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator y WebSafe, en su versi\u00f3n 13.0.0, las solicitudes no reveladas enviadas a los servidores virtuales BIG-IP que utilizan el perfil HTTP/2 pueden provocar una interrupci\u00f3n del servicio en el TMM."
}
],
"id": "CVE-2017-6151",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-21T17:29:00.637",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040052"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K07369970"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K07369970"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-6136
Vulnerability from fkie_nvd - Published: 2017-12-21 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM).
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://www.securitytracker.com/id/1040046 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K81137982 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040046 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K81137982 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | big-ip_local_traffic_manager | * | |
| f5 | big-ip_local_traffic_manager | 13.0.0 | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | 13.0.0 | |
| f5 | big-ip_advanced_firewall_manager | * | |
| f5 | big-ip_advanced_firewall_manager | 13.0.0 | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | 13.0.0 | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | 13.0.0 | |
| f5 | big-ip_application_security_manager | * | |
| f5 | big-ip_application_security_manager | 13.0.0 | |
| f5 | big-ip_dns | * | |
| f5 | big-ip_dns | 13.0.0 | |
| f5 | big-ip_global_traffic_manager | * | |
| f5 | big-ip_global_traffic_manager | 13.0.0 | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | 13.0.0 | |
| f5 | big-ip_policy_enforcement_manager | * | |
| f5 | big-ip_policy_enforcement_manager | 13.0.0 | |
| f5 | big-ip_websafe | * | |
| f5 | big-ip_websafe | 13.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48AEF668-8ABE-4A09-B45B-AB30B7A6464B",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CAB3D2D-F589-41AB-A68A-8AFA8760E394",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C3362F-1251-4E7B-B8CB-BBE7344A915E",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E33F47-378B-4077-AA3E-6EBED04D3609",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A76187-6118-4A9D-9F7C-0C9D3931BF42",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE82B01E-278D-40DB-9CD5-D69F863A97CD",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D90D84D6-E4EF-4686-A7D9-52FF577251D8",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93674162-3A63-4F05-B68F-B7D54B0AAE98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "528457E0-A8CA-454B-AC01-C55630E2FA49",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3914B25C-4E86-4C00-A199-4C9A99BA2EC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE206C-8F30-4C1A-9823-BAF2052EF065",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91F8E790-6C3C-476D-B403-4F13CEF0BA7A",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B5CC4A-32F1-474A-A89B-A6C7E56513D7",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM)."
},
{
"lang": "es",
"value": "En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y WebSafe, en versiones 13.0.0 y de la 12.0.0 a la 12.1.2, los patrones de tr\u00e1fico no revelados que se env\u00edan a los servidores virtuales de BIG-IP con las opciones TCP Fast Open y Tail Loss Probe activadas en el perfil TCP asociado, pueden interrumpir el servicio al TMM (Traffic Management Microkernel)."
}
],
"id": "CVE-2017-6136",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-21T17:29:00.480",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040046"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K81137982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K81137982"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-6164
Vulnerability from fkie_nvd - Published: 2017-12-21 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://www.securitytracker.com/id/1040054 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K02714910 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040054 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K02714910 | Issue Tracking, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A113DC2-B084-48C2-8ECF-F0281AC34246",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F5FF67-5D17-4760-AFDC-4234EC1E6306",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D27D4A-BD5C-4FA9-AA72-F7956298DE06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "12F86EB5-D581-4103-A802-44D968BA8D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "36F383ED-8CB5-400D-BFDB-BD5B8CD8C7AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6203A11-82C3-4ABA-94E9-085BFF1A0E4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "06224D59-35F8-4168-80C5-CF5B17E99050",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC4ECCE-9343-4462-872C-FA4860998B69",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E45CF5-C9E4-4AB9-A6D5-66F8336DDB79",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E3D8A24-0B8D-432B-8F06-D0E1642E7C1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A4489382-0668-4CFB-BA89-D54762937CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9850D0AA-B173-47B2-9B69-75E6D1FAF490",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "281D0B5B-27DF-4E8A-AFC9-D09468F8ECDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "40994EB4-4D31-4697-964D-1F0B09864DF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55D59D80-4DC5-4A84-BF42-A5AC2D39CC7A",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93212B86-21EA-4340-9149-E58F65285C15",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3755740D-F1DC-4910-ADDD-9D491515201C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA244A7D-F65D-4114-81C8-CE811959EA10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA9F72C-8344-4370-B511-31BEC8BA63E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96CF015E-C74B-4215-9103-8087BC1D12AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CFE4DB00-433D-414A-A1CE-E507B9BB809B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "857B3A62-F808-4CA9-BFAD-C133D94CF531",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25944BCA-3EEB-4396-AC8F-EF58834BC47E",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D226F1-6513-4233-BE20-58D7AB24978F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B33B2082-E040-4799-A260-BA687ED8614E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A85766A4-2181-4719-ADCF-4FEA0031DB80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2E93EE3-DB73-468E-87CA-4D277F283648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB01A61-1924-417F-8A75-9FDF8F14F754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE31583-1329-468C-87C9-BBB8FB5132B9",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0ACC0695-E62E-4748-AA8A-46772EB8C83C",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1C0312FC-8178-46DE-B4EE-00F2895073BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC6C5628-14FF-4D75-B62E-D4B2707C1E3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9E574F6-34B6-45A6-911D-E5347DA22F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF94129-8779-4D68-8DD4-B828CA633746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BA2E88AA-0523-48D0-8664-6AFDBCB6C940",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8FF324E-8533-403A-BEA9-617A28033CC8",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB146EF-CCAB-4194-9735-F8909E283308",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD2C1D2-103E-4B0F-84AA-999F01E695F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "855E91A4-0A0C-4E5C-8019-FB513A793803",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FCCC2092-E109-4FF6-9B85-6C9434269851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8923BB93-96C1-417B-9172-4A81E731EBA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "274E34BF-82A5-4D9E-BC72-202193A47A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E097889C-175C-40A6-9DCF-2C03981D9349",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B9912B-31F0-4265-8D61-0E6D46DA33DB",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E142B175-0E9D-4051-A6B1-FF9E7583DFBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9B131043-3C02-47CE-8D1C-BB29A20113E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE4ACE8-1309-4631-9E34-A6032009B702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A70560C5-AEB5-4144-A0AA-10A63527B5C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F2CE884-45CD-4EB8-8568-B3AEAB017361",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93674162-3A63-4F05-B68F-B7D54B0AAE98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80E2E5FE-217F-4267-AEB9-719E376D2FB0",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EF737FD-7706-4536-912A-C22E0B2FE3C4",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0594DBC5-8470-416C-A5EA-E04F5AB2C799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B50BF19F-71B4-47C0-A96E-6EB90FCC6AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3A3BA6-6F60-45CA-8F52-687B671B077A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "202B6870-718C-4F8D-9BAB-7ED6385BF2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EC6A3691-ADC4-44BC-8A11-D855B13EF128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3914B25C-4E86-4C00-A199-4C9A99BA2EC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48D3CF2B-1D30-461B-836D-A16EAA15F5BC",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A5CD9B-D257-4EC9-8C57-D9552C2FFFFC",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13E6D2CA-CC4F-4317-A842-4DF0693B0CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB017D7A-3290-4EF5-9647-B488771A5F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4F316C54-FAE4-48D8-9E40-ED358C30BF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AC0F5FD3-45E7-4D55-A3AC-6572FC0682D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "56BAC4C7-AB42-4BBD-98B5-0AE8B032CCC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5AB7A86-4C18-4FCA-90A0-BA9116FF31C3",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE77CCE-7F97-48EA-A9D3-090B1481616F",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6EA0C0-9C26-4A87-98F1-5B317D606ECB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D379372-A226-4230-B1F3-04C696518BD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22FAC35D-2803-49B0-9382-F14594B88FC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3C72257B-FF99-4707-A0E3-316D538B1CF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "18CFA52E-F9D7-40C3-9DB5-CDD5767E1F0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8552AED4-DC7B-4DA1-AD49-9AD856A69DC1",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57010E5E-5940-4DDA-AD56-D646D54084AA",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B45F50EB-D059-4251-AF03-DEC2F306C74C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50A13328-66C1-4D9D-8E46-754401D5F457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E94FCC0F-5505-4123-B3FA-ACB90DDE276E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "22A30CF4-7D0D-46A6-A2F4-8DC0C1AA4480",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "38245250-AE45-456F-9C40-A073AED930C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6A378E8-5AD0-4640-A236-1B4655D2CDDC",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2669BE56-A3EF-4080-A6FE-4565A85BD954",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "917BA1D9-2C47-41BE-80AF-05F5AC855945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A75D8-A712-4075-B4C2-F2AB36892619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FB83BA4-2C5B-4742-8AD8-9541EB04CED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5B11F8-1F6A-4A41-BEDE-F03BD179C443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6E38A7F6-B7DB-4F25-95A8-7D1DD6711FBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D3374BE-6A37-48B5-83D4-D61558A8433E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E84D701A-96D1-43A8-B87C-0BAA6912F16E",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C4A4202-DBAD-4717-80E5-B6818551B20F",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E47077D8-80F4-4919-913B-AC6B7CA1CEE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A860AAB-4E19-42C4-B37D-6043C24A3E85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "67D62C27-F5CE-455A-A683-1F71E3275183",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CFF200B2-C3A2-4A64-BDB7-62BA4BD865EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B2FD88-64B9-4B51-BB79-0C075CAA8362",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E703FAB-BFCD-47A1-94BD-DD63879DE883",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system."
},
{
"lang": "es",
"value": "En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator y WebSafe en las versiones de software 13.0.0, de la 12.0.0 a la 12.1.2, de la 11.6.0 a la 11.6.1 y de la 11.5.0 a la 11.5.5.4, en algunas circunstancias, Traffic Management Microkernel (TMM) no maneja correctamente determinados registros TLS1.2 mal formados, lo que permite a los atacantes remotos causar una denegaci\u00f3n de servicio (DoS) o, posiblemente, ejecutar comandos remotos en el sistema BIG-IP."
}
],
"id": "CVE-2017-6164",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-21T17:29:00.683",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040054"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K02714910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K02714910"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-6134
Vulnerability from fkie_nvd - Published: 2017-12-21 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://www.securityfocus.com/bid/102466 | ||
| f5sirt@f5.com | http://www.securitytracker.com/id/1040044 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | http://www.securitytracker.com/id/1040045 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K37404773 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102466 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040044 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040045 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K37404773 | Issue Tracking, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "993AD7D2-DBC5-40B6-9CBE-1BA9590FCCC4",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48AEF668-8ABE-4A09-B45B-AB30B7A6464B",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8D6DC6-FE8D-4C73-930B-99E2B3FB18ED",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6CAB3D2D-F589-41AB-A68A-8AFA8760E394",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13EDBCE3-05FD-4B5B-926B-0B5B18199083",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C3362F-1251-4E7B-B8CB-BBE7344A915E",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B62C49F2-DAAD-467A-B27C-20E2A014787B",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A7E33F47-378B-4077-AA3E-6EBED04D3609",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "83DC910C-4396-4945-8635-E9C8038BE872",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A76187-6118-4A9D-9F7C-0C9D3931BF42",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAB57533-B744-4A2F-8AE0-7D8037CBA70D",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE82B01E-278D-40DB-9CD5-D69F863A97CD",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65F88F93-D566-44FC-969D-B11C51B4261E",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D90D84D6-E4EF-4686-A7D9-52FF577251D8",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "93674162-3A63-4F05-B68F-B7D54B0AAE98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F5F1D95-D705-4715-B844-52E8ECBB266D",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "528457E0-A8CA-454B-AC01-C55630E2FA49",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3914B25C-4E86-4C00-A199-4C9A99BA2EC4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC21461D-B2B2-4FD2-B24F-DCAF525847EF",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AE206C-8F30-4C1A-9823-BAF2052EF065",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C73A1C36-0F0F-4EDD-99C6-321F9367FF70",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91F8E790-6C3C-476D-B403-4F13CEF0BA7A",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E27FFA2-D2AC-4838-A4C6-58964794977C",
"versionEndIncluding": "11.6.1",
"versionStartIncluding": "11.5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48B5CC4A-32F1-474A-A89B-A6C7E56513D7",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, 12.1.0 - 12.1.2 and 11.5.1 - 11.6.1, an undisclosed sequence of packets, sourced from an adjacent network may cause TMM to crash."
},
{
"lang": "es",
"value": "En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y WebSafe, en versiones de software 13.0.0, de la 12.1.0 a la 12.1.2 y de la 11.5.1 a la 11.6.1, una secuencia de paquetes no revelada cuyo origen es una red adyacente podr\u00eda hacer que TMM se cierre de manera inesperada."
}
],
"id": "CVE-2017-6134",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-21T17:29:00.403",
"references": [
{
"source": "f5sirt@f5.com",
"url": "http://www.securityfocus.com/bid/102466"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040044"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040045"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K37404773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/102466"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1040045"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K37404773"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-6150 (GCVE-0-2017-6150)
Vulnerability from cvelistv5 – Published: 2018-03-01 16:00 – Updated: 2024-09-17 00:06
VLAI?
Summary
Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe |
Affected:
13.0.0
Affected: 12.1.0 - 12.1.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103235",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103235"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K62712037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.3.1"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-07T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"name": "103235",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103235"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K62712037"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2018-02-28T00:00:00",
"ID": "CVE-2017-6150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.1.0 - 12.1.3.1"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103235"
},
{
"name": "https://support.f5.com/csp/article/K62712037",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K62712037"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6150",
"datePublished": "2018-03-01T16:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-17T00:06:49.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5501 (GCVE-0-2018-5501)
Vulnerability from cvelistv5 – Published: 2018-03-01 16:00 – Updated: 2024-09-17 02:37
VLAI?
Summary
In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe |
Affected:
13.0.0
Affected: 12.1.0 - 12.1.3.1 Affected: 11.6.1 - 11.6.x Affected: 11.5.1 - 11.5.x Affected: 11.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:50.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K44200194"
},
{
"name": "103211",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.3.1"
},
{
"status": "affected",
"version": "11.6.1 - 11.6.x"
},
{
"status": "affected",
"version": "11.5.1 - 11.5.x"
},
{
"status": "affected",
"version": "11.2.1"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-06T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K44200194"
},
{
"name": "103211",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2018-02-28T00:00:00",
"ID": "CVE-2018-5501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.1.0 - 12.1.3.1"
},
{
"version_value": "11.6.1 - 11.6.x"
},
{
"version_value": "11.5.1 - 11.5.x"
},
{
"version_value": "11.2.1"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K44200194",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K44200194"
},
{
"name": "103211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2018-5501",
"datePublished": "2018-03-01T16:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-17T02:37:02.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5500 (GCVE-0-2018-5500)
Vulnerability from cvelistv5 – Published: 2018-03-01 16:00 – Updated: 2024-09-16 20:41
VLAI?
Summary
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue.
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe |
Affected:
13.0.0
Affected: 12.1.0 - 12.1.3.1 Affected: 11.6.1 - 11.6.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:50.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K33211839"
},
{
"name": "103217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.3.1"
},
{
"status": "affected",
"version": "11.6.1 - 11.6.2"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-06T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K33211839"
},
{
"name": "103217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2018-02-28T00:00:00",
"ID": "CVE-2018-5500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.1.0 - 12.1.3.1"
},
{
"version_value": "11.6.1 - 11.6.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K33211839",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K33211839"
},
{
"name": "103217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2018-5500",
"datePublished": "2018-03-01T16:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T20:41:38.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6140 (GCVE-0-2017-6140)
Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-17 04:04
VLAI?
Summary
On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM, PEM |
Affected:
11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4
Affected: 11.6.0, 11.6.1 Affected: 12.0.0, 12.1.0, 12.1.1, 12.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040042",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040042"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K55102452"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM, PEM",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4"
},
{
"status": "affected",
"version": "11.6.0, 11.6.1"
},
{
"status": "affected",
"version": "12.0.0, 12.1.0, 12.1.1, 12.1.2"
}
]
}
],
"datePublic": "2017-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"name": "1040042",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040042"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K55102452"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-6140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM, PEM",
"version": {
"version_data": [
{
"version_value": "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4"
},
{
"version_value": "11.6.0, 11.6.1"
},
{
"version_value": "12.0.0, 12.1.0, 12.1.1, 12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040042",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040042"
},
{
"name": "https://support.f5.com/csp/article/K55102452",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K55102452"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6140",
"datePublished": "2017-12-21T17:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-17T04:04:09.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6135 (GCVE-0-2017-6135)
Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-16 18:08
VLAI?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe |
Affected:
13.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K43322910"
},
{
"name": "1040050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"datePublic": "2017-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-23T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K43322910"
},
{
"name": "1040050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040050"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-6135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K43322910",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K43322910"
},
{
"name": "1040050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040050"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6135",
"datePublished": "2017-12-21T17:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-16T18:08:05.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6138 (GCVE-0-2017-6138)
Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-17 02:21
VLAI?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe |
Affected:
13.0.0
Affected: 12.1.0 - 12.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040051",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K34514540"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.2"
}
]
}
],
"datePublic": "2017-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default \"normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-23T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"name": "1040051",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K34514540"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-6138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.1.0 - 12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default \"normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040051",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040051"
},
{
"name": "https://support.f5.com/csp/article/K34514540",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K34514540"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6138",
"datePublished": "2017-12-21T17:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-17T02:21:41.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6167 (GCVE-0-2017-6167)
Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-17 03:58
VLAI?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.
Severity ?
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe |
Affected:
13.0.0
Affected: 12.1.0 - 12.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K24465120"
},
{
"name": "1040053",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040053"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.2"
}
]
}
],
"datePublic": "2017-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-23T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K24465120"
},
{
"name": "1040053",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040053"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-6167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.1.0 - 12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K24465120",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K24465120"
},
{
"name": "1040053",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040053"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6167",
"datePublished": "2017-12-21T17:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-17T03:58:35.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6132 (GCVE-0-2017-6132)
Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-16 19:05
VLAI?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe |
Affected:
13.0.0
Affected: 12.0.0 - 12.1.2 Affected: 11.6.0 - 11.6.1 Affected: 11.5.0 - 11.5.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102333",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102333"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K12044607"
},
{
"name": "1040049",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0 - 12.1.2"
},
{
"status": "affected",
"version": "11.6.0 - 11.6.1"
},
{
"status": "affected",
"version": "11.5.0 - 11.5.4"
}
]
}
],
"datePublic": "2017-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-03T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"name": "102333",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102333"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K12044607"
},
{
"name": "1040049",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040049"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-6132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.0.0 - 12.1.2"
},
{
"version_value": "11.6.0 - 11.6.1"
},
{
"version_value": "11.5.0 - 11.5.4"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102333"
},
{
"name": "https://support.f5.com/csp/article/K12044607",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K12044607"
},
{
"name": "1040049",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040049"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6132",
"datePublished": "2017-12-21T17:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-16T19:05:17.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6164 (GCVE-0-2017-6164)
Vulnerability from cvelistv5 – Published: 2017-12-21 17:00 – Updated: 2024-09-17 04:13
VLAI?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system.
Severity ?
No CVSS data available.
CWE
- Denial of Service and Remote Code Execution
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe |
Affected:
13.0.0
Affected: 12.0.0 - 12.1.2 Affected: 11.6.0 - 11.6.1 Affected: 11.5.0 - 11.5.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040054",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040054"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K02714910"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0 - 12.1.2"
},
{
"status": "affected",
"version": "11.6.0 - 11.6.1"
},
{
"status": "affected",
"version": "11.5.0 - 11.5.4"
}
]
}
],
"datePublic": "2017-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service and Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-23T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"name": "1040054",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040054"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K02714910"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-6164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.0.0 - 12.1.2"
},
{
"version_value": "11.6.0 - 11.6.1"
},
{
"version_value": "11.5.0 - 11.5.4"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service and Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040054",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040054"
},
{
"name": "https://support.f5.com/csp/article/K02714910",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K02714910"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6164",
"datePublished": "2017-12-21T17:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-17T04:13:51.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6150 (GCVE-0-2017-6150)
Vulnerability from nvd – Published: 2018-03-01 16:00 – Updated: 2024-09-17 00:06
VLAI?
Summary
Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe |
Affected:
13.0.0
Affected: 12.1.0 - 12.1.3.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.775Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "103235",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103235"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K62712037"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.3.1"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-07T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"name": "103235",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103235"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K62712037"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2018-02-28T00:00:00",
"ID": "CVE-2017-6150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.1.0 - 12.1.3.1"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103235"
},
{
"name": "https://support.f5.com/csp/article/K62712037",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K62712037"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6150",
"datePublished": "2018-03-01T16:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-17T00:06:49.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5501 (GCVE-0-2018-5501)
Vulnerability from nvd – Published: 2018-03-01 16:00 – Updated: 2024-09-17 02:37
VLAI?
Summary
In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control.
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe |
Affected:
13.0.0
Affected: 12.1.0 - 12.1.3.1 Affected: 11.6.1 - 11.6.x Affected: 11.5.1 - 11.5.x Affected: 11.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:50.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K44200194"
},
{
"name": "103211",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.3.1"
},
{
"status": "affected",
"version": "11.6.1 - 11.6.x"
},
{
"status": "affected",
"version": "11.5.1 - 11.5.x"
},
{
"status": "affected",
"version": "11.2.1"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-06T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K44200194"
},
{
"name": "103211",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2018-02-28T00:00:00",
"ID": "CVE-2018-5501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.1.0 - 12.1.3.1"
},
{
"version_value": "11.6.1 - 11.6.x"
},
{
"version_value": "11.5.1 - 11.5.x"
},
{
"version_value": "11.2.1"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, any 11.6.x or 11.5.x release, or 11.2.1, TCP DNS profile allows excessive buffering due to lack of flow control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K44200194",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K44200194"
},
{
"name": "103211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2018-5501",
"datePublished": "2018-03-01T16:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-17T02:37:02.573Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5500 (GCVE-0-2018-5500)
Vulnerability from nvd – Published: 2018-03-01 16:00 – Updated: 2024-09-16 20:41
VLAI?
Summary
On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue.
Severity ?
No CVSS data available.
CWE
- DoS
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe |
Affected:
13.0.0
Affected: 12.1.0 - 12.1.3.1 Affected: 11.6.1 - 11.6.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:50.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K33211839"
},
{
"name": "103217",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103217"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.3.1"
},
{
"status": "affected",
"version": "11.6.1 - 11.6.2"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "DoS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-06T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K33211839"
},
{
"name": "103217",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103217"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2018-02-28T00:00:00",
"ID": "CVE-2018-5500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.1.0 - 12.1.3.1"
},
{
"version_value": "11.6.1 - 11.6.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - 11.6.2, every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual server using TCP profile with Multipath TCP (MCTCP) feature enabled will be affected by this issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K33211839",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K33211839"
},
{
"name": "103217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103217"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2018-5500",
"datePublished": "2018-03-01T16:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T20:41:38.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6140 (GCVE-0-2017-6140)
Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-17 04:04
VLAI?
Summary
On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM, PEM |
Affected:
11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4
Affected: 11.6.0, 11.6.1 Affected: 12.0.0, 12.1.0, 12.1.1, 12.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.914Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040042",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040042"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K55102452"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM, PEM",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4"
},
{
"status": "affected",
"version": "11.6.0, 11.6.1"
},
{
"status": "affected",
"version": "12.0.0, 12.1.0, 12.1.1, 12.1.2"
}
]
}
],
"datePublic": "2017-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"name": "1040042",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040042"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K55102452"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-6140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM, PEM",
"version": {
"version_data": [
{
"version_value": "11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4"
},
{
"version_value": "11.6.0, 11.6.1"
},
{
"version_value": "12.0.0, 12.1.0, 12.1.1, 12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, i10600,i10800, and VIPRION 4450 blades, running version 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 or 12.1.2 of BIG-IP LTM, AAM, AFM, Analytics, ASM, DNS, GTM or PEM, an undisclosed sequence of packets sent to Virtual Servers with client or server SSL profiles may cause disruption of data plane services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040042",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040042"
},
{
"name": "https://support.f5.com/csp/article/K55102452",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K55102452"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6140",
"datePublished": "2017-12-21T17:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-17T04:04:09.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6135 (GCVE-0-2017-6135)
Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-16 18:08
VLAI?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe |
Affected:
13.0.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K43322910"
},
{
"name": "1040050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"datePublic": "2017-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-23T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K43322910"
},
{
"name": "1040050",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040050"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-6135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0, a slow memory leak as a result of undisclosed IPv4 or IPv6 packets sent to BIG-IP management port or self IP addresses may lead to out of memory (OOM) conditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K43322910",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K43322910"
},
{
"name": "1040050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040050"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6135",
"datePublished": "2017-12-21T17:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-16T18:08:05.215Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6138 (GCVE-0-2017-6138)
Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-17 02:21
VLAI?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe |
Affected:
13.0.0
Affected: 12.1.0 - 12.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.834Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1040051",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K34514540"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.2"
}
]
}
],
"datePublic": "2017-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default \"normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-23T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"name": "1040051",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K34514540"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-6138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.1.0 - 12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with BIG-IP APM profiles, regardless of settings. The issue is also exposed with the non-default \"normalize URI\" configuration options used in iRules and/or BIG-IP LTM policies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040051",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040051"
},
{
"name": "https://support.f5.com/csp/article/K34514540",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K34514540"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6138",
"datePublished": "2017-12-21T17:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-17T02:21:41.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6167 (GCVE-0-2017-6167)
Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-17 03:58
VLAI?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.
Severity ?
No CVSS data available.
CWE
- Privilege Escalation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe |
Affected:
13.0.0
Affected: 12.1.0 - 12.1.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.887Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K24465120"
},
{
"name": "1040053",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040053"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.1.0 - 12.1.2"
}
]
}
],
"datePublic": "2017-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Privilege Escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-23T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K24465120"
},
{
"name": "1040053",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040053"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-6167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.1.0 - 12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K24465120",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K24465120"
},
{
"name": "1040053",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040053"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6167",
"datePublished": "2017-12-21T17:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-17T03:58:35.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6132 (GCVE-0-2017-6132)
Vulnerability from nvd – Published: 2017-12-21 17:00 – Updated: 2024-09-16 19:05
VLAI?
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe |
Affected:
13.0.0
Affected: 12.0.0 - 12.1.2 Affected: 11.6.0 - 11.6.1 Affected: 11.5.0 - 11.5.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102333",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102333"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K12044607"
},
{
"name": "1040049",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "13.0.0"
},
{
"status": "affected",
"version": "12.0.0 - 12.1.2"
},
{
"status": "affected",
"version": "11.6.0 - 11.6.1"
},
{
"status": "affected",
"version": "11.5.0 - 11.5.4"
}
]
}
],
"datePublic": "2017-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-03T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"name": "102333",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102333"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K12044607"
},
{
"name": "1040049",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040049"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-6132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.0.0 - 12.1.2"
},
{
"version_value": "11.6.0 - 11.6.1"
},
{
"version_value": "11.5.0 - 11.5.4"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102333"
},
{
"name": "https://support.f5.com/csp/article/K12044607",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K12044607"
},
{
"name": "1040049",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040049"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6132",
"datePublished": "2017-12-21T17:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-16T19:05:17.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}