All the vulnerabilites related to f5 - big-ip_ltm
Vulnerability from fkie_nvd
Published
2017-11-22 16:29
Modified
2024-11-21 03:29
Severity ?
Summary
In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | http://www.securityfocus.com/bid/102264 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | http://www.securitytracker.com/id/1039949 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K65615624 | Issue Tracking, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102264 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039949 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K65615624 | Issue Tracking, Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | big-ip_afm | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_apm | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_asm | * | |
| f5 | big-ip_dns | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_ltm | * | |
| f5 | big-ip_pem | * | |
| f5 | f5_websafe | * | |
| f5 | linerate | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_afm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55477759-BD0D-45A9-812B-E3E227DCD31A",
"versionEndIncluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A9F024E-74B6-4D90-AD0E-869BD0AF8BAD",
"versionEndIncluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_apm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A84C593D-7A8C-49F4-A490-4D330D8BCBD8",
"versionEndIncluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "10DAFC58-80B6-4BB6-9B74-8D4B122F5797",
"versionEndIncluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_asm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47AC2C-F267-4B16-98E0-7D6676D55CE0",
"versionEndIncluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE031CCC-7CD0-44DE-B101-EB9181036775",
"versionEndIncluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B42DCF7-9DCD-4091-8553-8FF5D9417D6D",
"versionEndIncluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ltm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB56B6D2-4BAB-4C20-B971-67CAF45FD08E",
"versionEndIncluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_pem:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A49CA8-47F8-4FF2-9ECD-5B1A2B444ED8",
"versionEndIncluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:f5_websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC666CC-14CC-4CCB-BD0E-88FDB18D298C",
"versionEndIncluding": "12.1.1",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:linerate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E83ABC2C-AF58-423C-944D-8127881E2408",
"versionEndIncluding": "2.6.2",
"versionStartIncluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device."
},
{
"lang": "es",
"value": "En el software BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM y WebSafe desde la versi\u00f3n 12.0.0 a la 12.1.1, en algunos casos, el componente Traffic Management Microkernel (TMM) podr\u00eda cerrarse inesperadamente al procesar paquetes fragmentados. Esta vulnerabilidad afecta al TMM mediante un servidor virtual configurado con perfil FastL4. El procesamiento del tr\u00e1fico se interrumpe mientras el TMM (Traffic Management Microkernel) se reinicia. Si el sistema BIG-IP afectado est\u00e1 configurado como parte de un grupo de dispositivos, desencadenar\u00e1 una conmutaci\u00f3n por error en el dispositivo del mismo nivel."
}
],
"id": "CVE-2017-6166",
"lastModified": "2024-11-21T03:29:11.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-22T16:29:00.337",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102264"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039949"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K65615624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/102264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K65615624"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-17 19:29
Modified
2024-11-21 03:29
Severity ?
Summary
On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | big-ip_ltm | * | |
| f5 | big-ip_ltm | * | |
| f5 | big-ip_ltm | 13.0.0 | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | * | |
| f5 | big-ip_application_acceleration_manager | 13.0.0 | |
| f5 | big-ip_afm | * | |
| f5 | big-ip_afm | * | |
| f5 | big-ip_afm | 13.0.0 | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | * | |
| f5 | big-ip_analytics | 13.0.0 | |
| f5 | big-ip_apm | * | |
| f5 | big-ip_apm | * | |
| f5 | big-ip_apm | 13.0.0 | |
| f5 | big-ip_asm | * | |
| f5 | big-ip_asm | * | |
| f5 | big-ip_asm | 13.0.0 | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | * | |
| f5 | big-ip_link_controller | 13.0.0 | |
| f5 | big-ip_pem | * | |
| f5 | big-ip_pem | * | |
| f5 | big-ip_pem | 13.0.0 | |
| f5 | websafe | * | |
| f5 | websafe | 11.6.2 | |
| f5 | websafe | 13.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_ltm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1BD6762-15E4-495A-BB93-66EBF5F81C24",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ltm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A8E03DAF-41DD-45C6-BD69-EAD1423BEFF0",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ltm:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8201185-406F-4769-8690-9734C3DA2B48",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6932A666-B5B2-463F-922E-303E95BEF9F8",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39E45CF5-C9E4-4AB9-A6D5-66F8336DDB79",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_afm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF5BC5CE-AD6C-4225-B45A-71E6D709F9AB",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_afm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEFC0AC4-E0A9-4EAE-B573-F70F5B5375DB",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_afm:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17A138CE-D1E3-4331-89F6-717539F1B59F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95131361-AFA7-43CA-9426-4F9A6644D337",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25944BCA-3EEB-4396-AC8F-EF58834BC47E",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_apm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB69EC13-3CDB-44C9-9328-7BE4F7E0013A",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_apm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0762B8-793F-4619-9BA6-F98654F05B9D",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_apm:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E66DDC7E-1DFA-45C0-AA78-C44EE39352E0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_asm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "465D4268-5052-4FF1-936F-813E8971A72B",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_asm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A00C9178-7218-483B-8280-5B5F39695772",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_asm:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "795163B3-60B2-4C3B-AFF9-14B19D728811",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3938A3B7-CF57-477D-9C88-478B75D720B8",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A5CD9B-D257-4EC9-8C57-D9552C2FFFFC",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_pem:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA238C0E-74F9-4395-ACE0-0B3266ED12C4",
"versionEndIncluding": "11.6.2",
"versionStartIncluding": "11.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_pem:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E02B0B-3539-467A-9A2D-0D0B24C60ABC",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_pem:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4700490-894F-4CCD-92A4-595043F38B7F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:websafe:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28F486A3-129D-470E-94B7-7ED06E3740A6",
"versionEndIncluding": "12.1.2",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:websafe:11.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "186C996F-8E31-493B-BC0F-C5D831AB0BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:websafe:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2175D656-06F7-4708-9DC0-E859BABD3CC6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server\u0027s private key itself, aka a ROBOT attack."
},
{
"lang": "es",
"value": "En BIG-IP en las versiones desde la 11.6.0 hasta la 11.6.2 (solucionado en la versi\u00f3n 11.6.2 HF1), desde la 12.0.0 hasta la 12.1.2 HF1 (solucionado en la versi\u00f3n 12.1.2 HF2) o desde la 13.0.0 hasta la 13.0.0 HF2 (solucionado en la versi\u00f3n 13.0.0 HF3) un servidor virtual configurado con un perfil SSL de cliente puede ser vulnerable a un ataque adaptativo de texto cifrado escogido (tambi\u00e9n conocido como ataque Bleichenbacher) contra RSA. Cuando se explota este ataque, puede dar lugar a la recuperaci\u00f3n de texto plano de mensajes cifrados y/o a un ataque Man-in-the-middle (MiTM), a pesar de que el atacante no haya obtenido acceso a la propia clave privada del servidor. Esto tambi\u00e9n se conoce como ataque ROBOT."
}
],
"id": "CVE-2017-6168",
"lastModified": "2024-11-21T03:29:11.263",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-17T19:29:00.217",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101901"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039839"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://robotattack.org/"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K21905460"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/144389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101901"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description",
"Third Party Advisory"
],
"url": "https://robotattack.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://support.f5.com/csp/article/K21905460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/144389"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-203"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2017-6168
Vulnerability from cvelistv5
Published
2017-11-17 19:00
Modified
2024-08-05 15:18
Severity ?
EPSS score ?
Summary
On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://robotattack.org/ | x_refsource_MISC | |
| https://support.f5.com/csp/article/K21905460 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/101901 | vdb-entry, x_refsource_BID | |
| https://www.kb.cert.org/vuls/id/144389 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securitytracker.com/id/1039839 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://robotattack.org/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K21905460"
},
{
"name": "101901",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101901"
},
{
"name": "VU#144389",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/144389"
},
{
"name": "1039839",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039839"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server\u0027s private key itself, aka a ROBOT attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-12T17:57:02",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://robotattack.org/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K21905460"
},
{
"name": "101901",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101901"
},
{
"name": "VU#144389",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/144389"
},
{
"name": "1039839",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039839"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2017-6168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server\u0027s private key itself, aka a ROBOT attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://robotattack.org/",
"refsource": "MISC",
"url": "https://robotattack.org/"
},
{
"name": "https://support.f5.com/csp/article/K21905460",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K21905460"
},
{
"name": "101901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101901"
},
{
"name": "VU#144389",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/144389"
},
{
"name": "1039839",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039839"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6168",
"datePublished": "2017-11-17T19:00:00",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-08-05T15:18:49.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-6166
Vulnerability from cvelistv5
Published
2017-11-22 16:00
Modified
2024-09-16 19:36
Severity ?
EPSS score ?
Summary
In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/102264 | vdb-entry, x_refsource_BID | |
| https://support.f5.com/csp/article/K65615624 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1039949 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe |
Version: 12.0.0, 12.1.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102264",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102264"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K65615624"
},
{
"name": "1039949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039949"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "12.0.0, 12.1.1"
}
]
}
],
"datePublic": "2017-11-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-26T10:57:01",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"name": "102264",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102264"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K65615624"
},
{
"name": "1039949",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039949"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-11-21T00:00:00",
"ID": "CVE-2017-6166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe",
"version": {
"version_data": [
{
"version_value": "12.0.0, 12.1.1"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102264"
},
{
"name": "https://support.f5.com/csp/article/K65615624",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K65615624"
},
{
"name": "1039949",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039949"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2017-6166",
"datePublished": "2017-11-22T16:00:00Z",
"dateReserved": "2017-02-21T00:00:00",
"dateUpdated": "2024-09-16T19:36:14.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}