cvelistv5 - cve-2017-6131

CVE-2017-6131 (GCVE-0-2017-6131)

Vulnerability from cvelistv5 – Published: 2017-05-23 15:00 – Updated: 2024-08-05 15:18

Summary

Severity ?

No CVSS data available.

CWE

default administrative password

Assigner

References

URL

Tags

	https://support.f5.com/csp/article/K61757346	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038569	vdb-entryx_refsource_SECTRACK

Impacted products

	Vendor	Product	Version
	F5 Networks, Inc.	BIG-IP Azure cloud instance	Affected: 12.0.0 to 12.1.2 Affected: 13.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:49.911Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K61757346"
          },
          {
            "name": "1038569",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038569"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIG-IP Azure cloud instance",
          "vendor": "F5 Networks, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "12.0.0 to 12.1.2"
            },
            {
              "status": "affected",
              "version": "13.0.0"
            }
          ]
        }
      ],
      "datePublic": "2017-05-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "default administrative password",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K61757346"
        },
        {
          "name": "1038569",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038569"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2017-6131",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIG-IP Azure cloud instance",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.0.0 to 12.1.2"
                          },
                          {
                            "version_value": "13.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "F5 Networks, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "default administrative password"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K61757346",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K61757346"
            },
            {
              "name": "1038569",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038569"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2017-6131",
    "datePublished": "2017-05-23T15:00:00",
    "dateReserved": "2017-02-21T00:00:00",
    "dateUpdated": "2024-08-05T15:18:49.911Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A82C7B1C-E195-4D94-B604-78FB464C4F81\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F6C3144-D0DE-4248-BFCD-04A7E6104044\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0357B5ED-0600-4756-93E5-692987068596\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA7D64DC-7271-4617-BD46-99C8246779CA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3CA2FA6B-3930-432F-8FB5-E73604CEFE42\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECA90FB8-E2CD-400F-B753-1B482E7FAC96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FEC804B-35DB-4A0C-9AEA-15527E0CC1B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEB228A9-0C01-4531-B2B2-38BB7B0E02E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D75D5AD-C20A-4D94-84E0-E695C9D2A26D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"532AAF54-64EF-4852-B4F1-D5E660463704\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC827031-CA39-4081-8CE0-30EAC78DF756\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7569903B-3A15-4A10-863B-6828337DD268\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45825991-D17D-42F1-87B4-7DF86B098B45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C4E5F36-434B-48E1-9715-4EEC22FB23D1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCD2044C-AC6F-4145-B1A0-8EB26DCF1F8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FC866D4-CE8C-4408-AD1E-8643AC554CC9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7563D979-BE37-4251-B92E-0DBDBE53F3FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BCF89E7C-806E-4800-BAA9-0225433B6C56\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62B0A70A-D101-443E-A543-5EC35E23D66F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2DB2118A-0F9C-4273-BB07-85FEA32C785B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8541C9EF-69A8-4641-B173-3BCE0EDD20A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E24A3C71-0075-4738-B114-267337D050CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7569977A-E567-4115-B00C-4B0CBA86582E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"524B2D05-508C-47FF-94A0-6CC42060E638\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:12.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55DD7394-BD0A-42FD-A367-827F35397A20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:12.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98509F74-301A-4D1F-A2B4-B01B80CEFFCA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:12.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E87FFF5F-5BB1-4E2F-BD15-3BA7C9B26FEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3F2F72B2-84F2-4FA2-9B53-E98344235EB6\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E90C12AF-44BA-44A2-89ED-0C2497EEC8A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BBBB6E7C-DA1A-479F-9DD2-DE0C3CA82E92\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4913B437-33FF-4B5E-A855-9DA00B35E3B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:12.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EDCFE65B-340B-4F7D-93A1-4390BBC8E67F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E2C4414E-8016-48B5-8CC3-F97FF2D85922\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"23FF9627-E561-4CF7-A685-6E33D2F6C98C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"64273A2C-E5A1-4605-92DD-EBECC7F051D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E60CA151-1C3A-45B3-B939-E6F80063C595\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58BAD5A9-9C67-4056-9344-07C8C42C8E88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"42821916-E601-4831-B37B-3202ACF2C562\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_websafe:12.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2EE1EEA6-1E25-4A90-91A1-386D19808557\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_websafe:12.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16A05340-0AE2-49CA-903F-44383421577E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_websafe:12.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"583F134E-1616-44F2-8EF0-0CFA5CCEF0AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_websafe:12.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"86D0731D-E9DA-4056-9AC6-F204C2F915F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2E56D76-1A89-46AB-9C17-CB24662FFDE7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.\"}, {\"lang\": \"es\", \"value\": \"En algunas circunstancias, una instancia de nube de Azure de F5 BIG-IP versiones 12.0.0 hasta 12.1.2 y versi\\u00f3n 13.0.0, puede contener una contrase\\u00f1a administrativa por defecto que podr\\u00eda usarse para iniciar sesi\\u00f3n de manera remota en el sistema BIG-IP. La cuenta administrativa afectada es el usuario administrativo de instancia Azure que se cre\\u00f3 en la implementaci\\u00f3n. Las cuentas root y administrador no son vulnerables. Un atacante puede acceder de remotamente al host BIG-IP por medio de SSH.\"}]",
      "id": "CVE-2017-6131",
      "lastModified": "2024-11-21T03:29:06.483",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-05-23T15:29:00.190",
      "references": "[{\"url\": \"http://www.securitytracker.com/id/1038569\", \"source\": \"f5sirt@f5.com\"}, {\"url\": \"https://support.f5.com/csp/article/K61757346\", \"source\": \"f5sirt@f5.com\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1038569\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.f5.com/csp/article/K61757346\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "f5sirt@f5.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-798\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-6131\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2017-05-23T15:29:00.190\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.\"},{\"lang\":\"es\",\"value\":\"En algunas circunstancias, una instancia de nube de Azure de F5 BIG-IP versiones 12.0.0 hasta 12.1.2 y versi\u00f3n 13.0.0, puede contener una contrase\u00f1a administrativa por defecto que podr\u00eda usarse para iniciar sesi\u00f3n de manera remota en el sistema BIG-IP. La cuenta administrativa afectada es el usuario administrativo de instancia Azure que se cre\u00f3 en la implementaci\u00f3n. Las cuentas root y administrador no son vulnerables. Un atacante puede acceder de remotamente al host BIG-IP por medio de SSH.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A82C7B1C-E195-4D94-B604-78FB464C4F81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F6C3144-D0DE-4248-BFCD-04A7E6104044\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0357B5ED-0600-4756-93E5-692987068596\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA7D64DC-7271-4617-BD46-99C8246779CA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CA2FA6B-3930-432F-8FB5-E73604CEFE42\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECA90FB8-E2CD-400F-B753-1B482E7FAC96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FEC804B-35DB-4A0C-9AEA-15527E0CC1B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEB228A9-0C01-4531-B2B2-38BB7B0E02E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D75D5AD-C20A-4D94-84E0-E695C9D2A26D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"532AAF54-64EF-4852-B4F1-D5E660463704\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC827031-CA39-4081-8CE0-30EAC78DF756\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7569903B-3A15-4A10-863B-6828337DD268\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45825991-D17D-42F1-87B4-7DF86B098B45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C4E5F36-434B-48E1-9715-4EEC22FB23D1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCD2044C-AC6F-4145-B1A0-8EB26DCF1F8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FC866D4-CE8C-4408-AD1E-8643AC554CC9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7563D979-BE37-4251-B92E-0DBDBE53F3FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BCF89E7C-806E-4800-BAA9-0225433B6C56\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62B0A70A-D101-443E-A543-5EC35E23D66F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DB2118A-0F9C-4273-BB07-85FEA32C785B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8541C9EF-69A8-4641-B173-3BCE0EDD20A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E24A3C71-0075-4738-B114-267337D050CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7569977A-E567-4115-B00C-4B0CBA86582E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"524B2D05-508C-47FF-94A0-6CC42060E638\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55DD7394-BD0A-42FD-A367-827F35397A20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98509F74-301A-4D1F-A2B4-B01B80CEFFCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E87FFF5F-5BB1-4E2F-BD15-3BA7C9B26FEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F2F72B2-84F2-4FA2-9B53-E98344235EB6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E90C12AF-44BA-44A2-89ED-0C2497EEC8A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BBBB6E7C-DA1A-479F-9DD2-DE0C3CA82E92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4913B437-33FF-4B5E-A855-9DA00B35E3B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDCFE65B-340B-4F7D-93A1-4390BBC8E67F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2C4414E-8016-48B5-8CC3-F97FF2D85922\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"23FF9627-E561-4CF7-A685-6E33D2F6C98C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64273A2C-E5A1-4605-92DD-EBECC7F051D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E60CA151-1C3A-45B3-B939-E6F80063C595\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58BAD5A9-9C67-4056-9344-07C8C42C8E88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42821916-E601-4831-B37B-3202ACF2C562\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:12.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EE1EEA6-1E25-4A90-91A1-386D19808557\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16A05340-0AE2-49CA-903F-44383421577E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:12.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"583F134E-1616-44F2-8EF0-0CFA5CCEF0AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:12.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86D0731D-E9DA-4056-9AC6-F204C2F915F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2E56D76-1A89-46AB-9C17-CB24662FFDE7\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1038569\",\"source\":\"f5sirt@f5.com\"},{\"url\":\"https://support.f5.com/csp/article/K61757346\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1038569\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.f5.com/csp/article/K61757346\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2017-10163

Vulnerability from cnvd - Published: 2017-06-19

Title

F5 BIG-IP默认密码漏洞

Description

F5 BIG-IP是一个负载均衡器，采用各种分配算法把网络请求分散到一个服务器集群中的可用服务器上去，通过管理进入的Web数据流量和增加有效的网络带宽，从而使网络访问者获得尽可能最佳的联网体验的硬件设备。 F5 BIG-IP产品存在默认密码漏洞。攻击者可通过SSH利用该漏洞获取底层嵌入式UNIX操作系统的访问权限，并完全控制该系统。

Severity

高

Patch Name

F5 BIG-IP默认密码漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://support.f5.com/csp/article/K61757346

Reference

http://securitytracker.com/id/1038569

Impacted products

Name
['F5 Traffix SDC', 'F5 LineRate', 'F5 BIG-IQ Cloud and Orchestration', 'F5 BIG-IQ Centralized Management', 'F5 BIG-IQ ADC', 'F5 BIG-IQ Security', 'F5 BIG-IQ Device', 'F5 BIG-IQ Cloud', 'F5 Enterprise Manager', 'F5 ARX', 'F5 BIG-IP WebAccelerator', 'F5 BIG-IP PSM', 'F5 BIG-IP WebSafe >=12.0.0，<=12.1.2', 'F5 BIG-IP WebSafe 13.0.0', 'F5 BIG-IP Link Controller >=12.0.0，<=12.1.2', 'F5 BIG-IP Link Controller 13.0.0', 'F5 BIG-IP GTM', 'F5 BIG-IP Edge Gateway', 'F5 BIG-IP Analytics', 'F5 BIG-IP AAM >=12.0.0，<=12.1.2', 'F5 BIG-IP AAM 13.0.0', 'F5 BIG-IP LTM >=12.0.0，<=12.1.2', 'F5 BIG-IP LTM 13.0.0', 'F5 BIG-IP AFM >=12.0.0，<=12.1.2', 'F5 BIG-IP AFM 13.0.0', 'F5 BIG-IP APM >=12.0.0，<=12.1.2', 'F5 BIG-IP APM 13.0.0', 'F5 BIG-IP ASM >=12.0.0，<=12.1.2', 'F5 BIG-IP ASM 13.0.0', 'F5 BIG-IP DNS >=12.0.0，<=12.1.2', 'F5 BIG-IP DNS 13.0.0']

Name

['F5 Traffix SDC', 'F5 LineRate', 'F5 BIG-IQ Cloud and Orchestration', 'F5 BIG-IQ Centralized Management', 'F5 BIG-IQ ADC', 'F5 BIG-IQ Security', 'F5 BIG-IQ Device', 'F5 BIG-IQ Cloud', 'F5 Enterprise Manager', 'F5 ARX', 'F5 BIG-IP WebAccelerator', 'F5 BIG-IP PSM', 'F5 BIG-IP WebSafe >=12.0.0，<=12.1.2', 'F5 BIG-IP WebSafe 13.0.0', 'F5 BIG-IP Link Controller >=12.0.0，<=12.1.2', 'F5 BIG-IP Link Controller 13.0.0', 'F5 BIG-IP GTM', 'F5 BIG-IP Edge Gateway', 'F5 BIG-IP Analytics', 'F5 BIG-IP AAM >=12.0.0，<=12.1.2', 'F5 BIG-IP AAM 13.0.0', 'F5 BIG-IP LTM >=12.0.0，<=12.1.2', 'F5 BIG-IP LTM 13.0.0', 'F5 BIG-IP AFM >=12.0.0，<=12.1.2', 'F5 BIG-IP AFM 13.0.0', 'F5 BIG-IP APM >=12.0.0，<=12.1.2', 'F5 BIG-IP APM 13.0.0', 'F5 BIG-IP ASM >=12.0.0，<=12.1.2', 'F5 BIG-IP ASM 13.0.0', 'F5 BIG-IP DNS >=12.0.0，<=12.1.2', 'F5 BIG-IP DNS 13.0.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6131",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6131"
    }
  },
  "description": "F5 BIG-IP\u662f\u4e00\u4e2a\u8d1f\u8f7d\u5747\u8861\u5668\uff0c\u91c7\u7528\u5404\u79cd\u5206\u914d\u7b97\u6cd5\u628a\u7f51\u7edc\u8bf7\u6c42\u5206\u6563\u5230\u4e00\u4e2a\u670d\u52a1\u5668\u96c6\u7fa4\u4e2d\u7684\u53ef\u7528\u670d\u52a1\u5668\u4e0a\u53bb\uff0c\u901a\u8fc7\u7ba1\u7406\u8fdb\u5165\u7684Web\u6570\u636e\u6d41\u91cf\u548c\u589e\u52a0\u6709\u6548\u7684\u7f51\u7edc\u5e26\u5bbd\uff0c\u4ece\u800c\u4f7f\u7f51\u7edc\u8bbf\u95ee\u8005\u83b7\u5f97\u5c3d\u53ef\u80fd\u6700\u4f73\u7684\u8054\u7f51\u4f53\u9a8c\u7684\u786c\u4ef6\u8bbe\u5907\u3002\r\n\r\nF5 BIG-IP\u4ea7\u54c1\u5b58\u5728\u9ed8\u8ba4\u5bc6\u7801\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7SSH\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u5e95\u5c42\u5d4c\u5165\u5f0fUNIX\u64cd\u4f5c\u7cfb\u7edf\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u5e76\u5b8c\u5168\u63a7\u5236\u8be5\u7cfb\u7edf\u3002",
  "discovererName": "F5",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.f5.com/csp/article/K61757346",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-10163",
  "openTime": "2017-06-19",
  "patchDescription": "F5 BIG-IP\u662f\u4e00\u4e2a\u8d1f\u8f7d\u5747\u8861\u5668\uff0c\u91c7\u7528\u5404\u79cd\u5206\u914d\u7b97\u6cd5\u628a\u7f51\u7edc\u8bf7\u6c42\u5206\u6563\u5230\u4e00\u4e2a\u670d\u52a1\u5668\u96c6\u7fa4\u4e2d\u7684\u53ef\u7528\u670d\u52a1\u5668\u4e0a\u53bb\uff0c\u901a\u8fc7\u7ba1\u7406\u8fdb\u5165\u7684Web\u6570\u636e\u6d41\u91cf\u548c\u589e\u52a0\u6709\u6548\u7684\u7f51\u7edc\u5e26\u5bbd\uff0c\u4ece\u800c\u4f7f\u7f51\u7edc\u8bbf\u95ee\u8005\u83b7\u5f97\u5c3d\u53ef\u80fd\u6700\u4f73\u7684\u8054\u7f51\u4f53\u9a8c\u7684\u786c\u4ef6\u8bbe\u5907\u3002\r\n\r\nF5 BIG-IP\u4ea7\u54c1\u5b58\u5728\u9ed8\u8ba4\u5bc6\u7801\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7SSH\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u5e95\u5c42\u5d4c\u5165\u5f0fUNIX\u64cd\u4f5c\u7cfb\u7edf\u7684\u8bbf\u95ee\u6743\u9650\uff0c\u5e76\u5b8c\u5168\u63a7\u5236\u8be5\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "F5 BIG-IP\u9ed8\u8ba4\u5bc6\u7801\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "F5 Traffix SDC",
      "F5 LineRate",
      "F5 BIG-IQ Cloud and Orchestration",
      "F5 BIG-IQ Centralized Management",
      "F5 BIG-IQ ADC",
      "F5 BIG-IQ Security",
      "F5 BIG-IQ Device",
      "F5 BIG-IQ Cloud",
      "F5 Enterprise Manager",
      "F5 ARX",
      "F5 BIG-IP WebAccelerator",
      "F5 BIG-IP PSM",
      "F5 BIG-IP WebSafe \u003e=12.0.0\uff0c\u003c=12.1.2",
      "F5 BIG-IP WebSafe 13.0.0",
      "F5 BIG-IP Link Controller \u003e=12.0.0\uff0c\u003c=12.1.2",
      "F5 BIG-IP Link Controller 13.0.0",
      "F5 BIG-IP GTM",
      "F5 BIG-IP Edge Gateway",
      "F5 BIG-IP Analytics",
      "F5 BIG-IP AAM \u003e=12.0.0\uff0c\u003c=12.1.2",
      "F5 BIG-IP AAM 13.0.0",
      "F5 BIG-IP LTM \u003e=12.0.0\uff0c\u003c=12.1.2",
      "F5 BIG-IP LTM 13.0.0",
      "F5 BIG-IP AFM \u003e=12.0.0\uff0c\u003c=12.1.2",
      "F5 BIG-IP AFM 13.0.0",
      "F5 BIG-IP APM \u003e=12.0.0\uff0c\u003c=12.1.2",
      "F5 BIG-IP APM 13.0.0",
      "F5 BIG-IP ASM \u003e=12.0.0\uff0c\u003c=12.1.2",
      "F5 BIG-IP ASM 13.0.0",
      "F5 BIG-IP DNS \u003e=12.0.0\uff0c\u003c=12.1.2",
      "F5 BIG-IP DNS 13.0.0"
    ]
  },
  "referenceLink": "http://securitytracker.com/id/1038569",
  "serverity": "\u9ad8",
  "submitTime": "2017-06-01",
  "title": "F5 BIG-IP\u9ed8\u8ba4\u5bc6\u7801\u6f0f\u6d1e"
}

FKIE_CVE-2017-6131

Vulnerability from fkie_nvd - Published: 2017-05-23 15:29 - Updated: 2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
f5sirt@f5.com	http://www.securitytracker.com/id/1038569
f5sirt@f5.com	https://support.f5.com/csp/article/K61757346	Permissions Required, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1038569
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K61757346	Permissions Required, Vendor Advisory

Impacted products

Vendor	Product	Version
f5	big-ip_local_traffic_manager	12.0.0
f5	big-ip_local_traffic_manager	12.1.0
f5	big-ip_local_traffic_manager	12.1.1
f5	big-ip_local_traffic_manager	12.1.2
f5	big-ip_local_traffic_manager	13.0.0
f5	big-ip_application_acceleration_manager	12.0.0
f5	big-ip_application_acceleration_manager	12.1.0
f5	big-ip_application_acceleration_manager	12.1.1
f5	big-ip_application_acceleration_manager	12.1.2
f5	big-ip_application_acceleration_manager	13.0.0
f5	big-ip_advanced_firewall_manager	12.0.0
f5	big-ip_advanced_firewall_manager	12.1.0
f5	big-ip_advanced_firewall_manager	12.1.1
f5	big-ip_advanced_firewall_manager	12.1.2
f5	big-ip_advanced_firewall_manager	13.0.0
f5	big-ip_access_policy_manager	12.0.0
f5	big-ip_access_policy_manager	12.1.0
f5	big-ip_access_policy_manager	12.1.1
f5	big-ip_access_policy_manager	12.1.2
f5	big-ip_access_policy_manager	13.0.0
f5	big-ip_application_security_manager	12.0.0
f5	big-ip_application_security_manager	12.1.0
f5	big-ip_application_security_manager	12.1.1
f5	big-ip_application_security_manager	12.1.2
f5	big-ip_application_security_manager	13.0.0
f5	big-ip_domain_name_system	12.0.0
f5	big-ip_domain_name_system	12.1.0
f5	big-ip_domain_name_system	12.1.1
f5	big-ip_domain_name_system	12.1.2
f5	big-ip_domain_name_system	13.0.0
f5	big-ip_link_controller	12.0.0
f5	big-ip_link_controller	12.1.0
f5	big-ip_link_controller	12.1.1
f5	big-ip_link_controller	12.1.2
f5	big-ip_link_controller	13.0.0
f5	big-ip_policy_enforcement_manager	12.0.0
f5	big-ip_policy_enforcement_manager	12.1.0
f5	big-ip_policy_enforcement_manager	12.1.1
f5	big-ip_policy_enforcement_manager	12.1.2
f5	big-ip_policy_enforcement_manager	13.0.0
f5	big-ip_websafe	12.0.0
f5	big-ip_websafe	12.1.0
f5	big-ip_websafe	12.1.1
f5	big-ip_websafe	12.1.2
f5	big-ip_websafe	13.0.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A82C7B1C-E195-4D94-B604-78FB464C4F81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6C3144-D0DE-4248-BFCD-04A7E6104044",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0357B5ED-0600-4756-93E5-692987068596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7D64DC-7271-4617-BD46-99C8246779CA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CA2FA6B-3930-432F-8FB5-E73604CEFE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECA90FB8-E2CD-400F-B753-1B482E7FAC96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FEC804B-35DB-4A0C-9AEA-15527E0CC1B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEB228A9-0C01-4531-B2B2-38BB7B0E02E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "532AAF54-64EF-4852-B4F1-D5E660463704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC827031-CA39-4081-8CE0-30EAC78DF756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569903B-3A15-4A10-863B-6828337DD268",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "45825991-D17D-42F1-87B4-7DF86B098B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C4E5F36-434B-48E1-9715-4EEC22FB23D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD2044C-AC6F-4145-B1A0-8EB26DCF1F8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FC866D4-CE8C-4408-AD1E-8643AC554CC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7563D979-BE37-4251-B92E-0DBDBE53F3FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCF89E7C-806E-4800-BAA9-0225433B6C56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B0A70A-D101-443E-A543-5EC35E23D66F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB2118A-0F9C-4273-BB07-85FEA32C785B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8541C9EF-69A8-4641-B173-3BCE0EDD20A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24A3C71-0075-4738-B114-267337D050CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569977A-E567-4115-B00C-4B0CBA86582E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "524B2D05-508C-47FF-94A0-6CC42060E638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55DD7394-BD0A-42FD-A367-827F35397A20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "98509F74-301A-4D1F-A2B4-B01B80CEFFCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E87FFF5F-5BB1-4E2F-BD15-3BA7C9B26FEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F2F72B2-84F2-4FA2-9B53-E98344235EB6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E90C12AF-44BA-44A2-89ED-0C2497EEC8A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBBB6E7C-DA1A-479F-9DD2-DE0C3CA82E92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4913B437-33FF-4B5E-A855-9DA00B35E3B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:12.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDCFE65B-340B-4F7D-93A1-4390BBC8E67F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "23FF9627-E561-4CF7-A685-6E33D2F6C98C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "64273A2C-E5A1-4605-92DD-EBECC7F051D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E60CA151-1C3A-45B3-B939-E6F80063C595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "58BAD5A9-9C67-4056-9344-07C8C42C8E88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42821916-E601-4831-B37B-3202ACF2C562",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_websafe:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EE1EEA6-1E25-4A90-91A1-386D19808557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_websafe:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16A05340-0AE2-49CA-903F-44383421577E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_websafe:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "583F134E-1616-44F2-8EF0-0CFA5CCEF0AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_websafe:12.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86D0731D-E9DA-4056-9AC6-F204C2F915F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2E56D76-1A89-46AB-9C17-CB24662FFDE7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH."
    },
    {
      "lang": "es",
      "value": "En algunas circunstancias, una instancia de nube de Azure de F5 BIG-IP versiones 12.0.0 hasta 12.1.2 y versi\u00f3n 13.0.0, puede contener una contrase\u00f1a administrativa por defecto que podr\u00eda usarse para iniciar sesi\u00f3n de manera remota en el sistema BIG-IP. La cuenta administrativa afectada es el usuario administrativo de instancia Azure que se cre\u00f3 en la implementaci\u00f3n. Las cuentas root y administrador no son vulnerables. Un atacante puede acceder de remotamente al host BIG-IP por medio de SSH."
    }
  ],
  "id": "CVE-2017-6131",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-23T15:29:00.190",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "url": "http://www.securitytracker.com/id/1038569"
    },
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K61757346"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038569"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K61757346"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201705-3546

Vulnerability from variot - Updated: 2023-12-18 14:01

In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH. F5 BIG-IP Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5BIG-IP is a load balancer that uses a variety of allocation algorithms to distribute network requests to available servers in a server cluster. By managing incoming web data traffic and increasing effective network bandwidth, network visitors get as much as possible. The hardware device for the best networking experience. A default password vulnerability exists in F5BIG-IP products. F5 BIG-IP Azure Products are prone to a security-bypass vulnerability. This may lead to further attacks. F5 BIG-IP LTM, etc. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. The following products and versions are affected: F5 BIG-IP LTM version 12.0.0 through 12.1.2, version 13.0.0; BIG-IP AAM version 12.0.0 through 12.1.2, version 13.0.0; BIG-IP AFM Version 12.0.0 to Version 12.1.2, Version 13.0.0; BIG-IP APM Version 12.0.0 to Version 12.1.2, Version 13.0.0; BIG-IP ASM Version 12.0.0 to Version 12.1.2, Version 13.0. 0 version; BIG-IP DNS version 12.0.0 to 12.1.2, version 13.0.0; BIG-IP Link Controller version 12.0.0 to 12.1.2, version 13.0.0; BIG-IP PEM version 12.0.0 to version 12.1.2, version 13.0.0; BIG-IP WebSafe version 12.0.0 to version 12.1.2, version 13.0.0

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201705-3546",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip domain name system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip domain name system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip application security manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip application security manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip application security manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "12.0.0 to  12.1.2"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "12.0.0 to  12.1.2"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "12.0.0 to  12.1.2"
      },
      {
        "model": "big-ip application security manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "12.0.0 to  12.1.2"
      },
      {
        "model": "big-ip domain name system",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "12.0.0 to  12.1.2"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "12.0.0 to  12.1.2"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "12.0.0 to  12.1.2"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "12.0.0 to  12.1.2"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "12.0.0 to  12.1.2"
      },
      {
        "model": "traffix sdc",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "linerate",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-iq cloud and orchestration",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-iq centralized management",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-iq adc",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-iq security",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-iq device",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-iq cloud",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "enterprise manager",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "arx",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip webaccelerator",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip psm",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip websafe",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "f5",
        "version": "12.0.0,\u003c=12.1.2"
      },
      {
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "f5",
        "version": "12.0.0,\u003c=12.1.2"
      },
      {
        "model": "big-ip gtm",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip edge gateway",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": null,
        "trust": 0.6,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip aam",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "f5",
        "version": "12.0.0,\u003c=12.1.2"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "f5",
        "version": "12.0.0\u003c=12.1.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip afm",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "f5",
        "version": "12.0.0\u003c=12.1.2"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip apm",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "f5",
        "version": "12.0.0,\u003c=12.1.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip asm",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "f5",
        "version": "12.0.0,\u003c=12.1.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip dns",
        "scope": "gte",
        "trust": 0.6,
        "vendor": "f5",
        "version": "12.0.0,\u003c=12.1.2"
      },
      {
        "model": "big-ip dns",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip websafe",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip ltm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip link controller",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip dns",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip asm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip apm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip aam",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip websafe hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip pem hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip ltm hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip ltm hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip link controller hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip dns hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip asm hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip asm hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip apm hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip afm hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip afm hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip aam hf2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip aam hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10163"
      },
      {
        "db": "BID",
        "id": "98659"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004439"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6131"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-789"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6131"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "98659"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6131",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-6131",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-10163",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-114334",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-6131",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-6131",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-10163",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-789",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114334",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10163"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114334"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004439"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6131"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-789"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH. F5 BIG-IP Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5BIG-IP is a load balancer that uses a variety of allocation algorithms to distribute network requests to available servers in a server cluster. By managing incoming web data traffic and increasing effective network bandwidth, network visitors get as much as possible. The hardware device for the best networking experience. A default password vulnerability exists in F5BIG-IP products. F5 BIG-IP Azure Products are prone to a security-bypass vulnerability. This may lead  to further attacks. F5 BIG-IP LTM, etc. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. The following products and versions are affected: F5 BIG-IP LTM version 12.0.0 through 12.1.2, version 13.0.0; BIG-IP AAM version 12.0.0 through 12.1.2, version 13.0.0; BIG-IP AFM Version 12.0.0 to Version 12.1.2, Version 13.0.0; BIG-IP APM Version 12.0.0 to Version 12.1.2, Version 13.0.0; BIG-IP ASM Version 12.0.0 to Version 12.1.2, Version 13.0. 0 version; BIG-IP DNS version 12.0.0 to 12.1.2, version 13.0.0; BIG-IP Link Controller version 12.0.0 to 12.1.2, version 13.0.0; BIG-IP PEM version 12.0.0 to version 12.1.2, version 13.0.0; BIG-IP WebSafe version 12.0.0 to version 12.1.2, version 13.0.0",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6131"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004439"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10163"
      },
      {
        "db": "BID",
        "id": "98659"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114334"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6131",
        "trust": 3.4
      },
      {
        "db": "SECTRACK",
        "id": "1038569",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004439",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-789",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10163",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "98659",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-114334",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10163"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114334"
      },
      {
        "db": "BID",
        "id": "98659"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004439"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6131"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-789"
      }
    ]
  },
  "id": "VAR-201705-3546",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10163"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114334"
      }
    ],
    "trust": 1.11884288875
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10163"
      }
    ]
  },
  "last_update_date": "2023-12-18T14:01:36.691000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "K61757346: BIG-IP Azure cloud vulnerability CVE-2017-6131",
        "trust": 0.8,
        "url": "https://support.f5.com/csp/article/k61757346"
      },
      {
        "title": "F5BIG-IP default password vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/95884"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10163"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004439"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114334"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004439"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6131"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.f5.com/csp/article/k61757346"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1038569"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6131"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6131"
      },
      {
        "trust": 0.6,
        "url": "http://securitytracker.com/id/1038569"
      },
      {
        "trust": 0.3,
        "url": "http://www.f5.com/products/big-ip/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10163"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114334"
      },
      {
        "db": "BID",
        "id": "98659"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004439"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6131"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-789"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10163"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114334"
      },
      {
        "db": "BID",
        "id": "98659"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004439"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6131"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-789"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-10163"
      },
      {
        "date": "2017-05-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114334"
      },
      {
        "date": "2017-05-11T00:00:00",
        "db": "BID",
        "id": "98659"
      },
      {
        "date": "2017-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004439"
      },
      {
        "date": "2017-05-23T15:29:00.190000",
        "db": "NVD",
        "id": "CVE-2017-6131"
      },
      {
        "date": "2017-02-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-789"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-10163"
      },
      {
        "date": "2017-07-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114334"
      },
      {
        "date": "2017-05-11T00:00:00",
        "db": "BID",
        "id": "98659"
      },
      {
        "date": "2017-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-004439"
      },
      {
        "date": "2017-07-08T01:29:13.240000",
        "db": "NVD",
        "id": "CVE-2017-6131"
      },
      {
        "date": "2017-05-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-789"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-789"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "F5 BIG-IP Vulnerabilities related to the use of hard-coded credentials",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-004439"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-789"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2017-AVI-164

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans F5 BIG-IP Azure cloud. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP AFM version13.0.0
F5	BIG-IP	BIG-IP APM version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP DNS version13.0.0
F5	BIG-IP	BIG-IP WebSafe version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP Link Controller version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP LTM version13.0.0
F5	BIG-IP	BIG-IP LTM version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP PEM version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP AAM version13.0.0
F5	BIG-IP	BIG-IP PEM version13.0.0
F5	BIG-IP	BIG-IP APM version13.0.0
F5	BIG-IP	BIG-IP Link Controller version13.0.0
F5	BIG-IP	BIG-IP AAM version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP AFM version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP ASM version13.0.0
F5	BIG-IP	BIG-IP DNS version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP WebSafe version13.0.0
F5	BIG-IP	BIG-IP ASM version12.0.0 à 12.1.2

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K61757346 du 22 mai 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP AFM version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP APM version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP DNS version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP WebSafe version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Link Controller version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP LTM version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP LTM version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP PEM version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP AAM version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP PEM version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP APM version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Link Controller version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP AAM version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP AFM version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP ASM version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP DNS version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP WebSafe version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP ASM version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-6131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6131"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-164",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-05-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eF5 BIG-IP\nAzure cloud\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans F5 BIG-IP Azure cloud",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K61757346 du 22 mai 2017",
      "url": "https://support.f5.com/csp/article/K61757346"
    }
  ]
}

CERTFR-2017-AVI-164

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans F5 BIG-IP Azure cloud. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP AFM version13.0.0
F5	BIG-IP	BIG-IP APM version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP DNS version13.0.0
F5	BIG-IP	BIG-IP WebSafe version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP Link Controller version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP LTM version13.0.0
F5	BIG-IP	BIG-IP LTM version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP PEM version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP AAM version13.0.0
F5	BIG-IP	BIG-IP PEM version13.0.0
F5	BIG-IP	BIG-IP APM version13.0.0
F5	BIG-IP	BIG-IP Link Controller version13.0.0
F5	BIG-IP	BIG-IP AAM version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP AFM version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP ASM version13.0.0
F5	BIG-IP	BIG-IP DNS version12.0.0 à 12.1.2
F5	BIG-IP	BIG-IP WebSafe version13.0.0
F5	BIG-IP	BIG-IP ASM version12.0.0 à 12.1.2

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K61757346 du 22 mai 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP AFM version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP APM version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP DNS version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP WebSafe version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Link Controller version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP LTM version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP LTM version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP PEM version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP AAM version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP PEM version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP APM version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP Link Controller version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP AAM version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP AFM version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP ASM version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP DNS version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP WebSafe version13.0.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP ASM version12.0.0 \u00e0 12.1.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-6131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6131"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-164",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-05-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eF5 BIG-IP\nAzure cloud\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans F5 BIG-IP Azure cloud",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K61757346 du 22 mai 2017",
      "url": "https://support.f5.com/csp/article/K61757346"
    }
  ]
}

GHSA-JGC9-5F5F-87MG

Vulnerability from github – Published: 2022-05-17 02:34 – Updated: 2022-05-17 02:34

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6131"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-23T15:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.",
  "id": "GHSA-jgc9-5f5f-87mg",
  "modified": "2022-05-17T02:34:33Z",
  "published": "2022-05-17T02:34:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6131"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K61757346"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1038569"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-6131

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6131

Aliases

CVE-2017-6131

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6131",
    "description": "In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.",
    "id": "GSD-2017-6131"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6131"
      ],
      "details": "In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.",
      "id": "GSD-2017-6131",
      "modified": "2023-12-13T01:21:10.270155Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "f5sirt@f5.com",
        "ID": "CVE-2017-6131",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BIG-IP Azure cloud instance",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "12.0.0 to 12.1.2"
                        },
                        {
                          "version_value": "13.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "F5 Networks, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "default administrative password"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.f5.com/csp/article/K61757346",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/csp/article/K61757346"
          },
          {
            "name": "1038569",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1038569"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_websafe:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2017-6131"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K61757346",
              "refsource": "CONFIRM",
              "tags": [
                "Permissions Required",
                "Vendor Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K61757346"
            },
            {
              "name": "1038569",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1038569"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-07-08T01:29Z",
      "publishedDate": "2017-05-23T15:29Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6131 (GCVE-0-2017-6131)

CNVD-2017-10163

FKIE_CVE-2017-6131

VAR-201705-3546

CERTFR-2017-AVI-164

Solution

CERTFR-2017-AVI-164

Solution

GHSA-JGC9-5F5F-87MG

GSD-2017-6131

Tags

Sightings

Nomenclature