var-201712-0225
Vulnerability from variot

A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected. The F5 BIG-IP AFM management UI contains a SQL injection vulnerability. Information may be obtained and information may be altered. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. F5 BIG-IP AFM 12.0.0 through 12.1.2 and 13.0.0 are vulnerable. F5 BIG-IP Advanced Firewall Manager (AFM) is a firewall manager from F5 Corporation in the United States that can be extended to prevent high-volume DDoS attacks that can overwhelm load balancers, firewalls, and even networks. The Configuration utility is a configuration tool. A remote attacker could exploit this vulnerability to tamper with a copy of the configured firewall rules. The CVSS vectors in this record (Au:S in CVSSv2, PR:L in CVSSv3) indicate that exploitation requires an authenticated, low-privileged account on the management UI.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0225",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "f5",
        "version": "12.0.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "f5",
        "version": "13.0.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.2"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.1"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.0"
      },
      {
        "model": "big-ip afm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.1"
      },
      {
        "model": "big-ip afm hf1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "13.0"
      },
      {
        "model": "big-ip afm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "f5",
        "version": "12.1.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "102332"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011581"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-835"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-0304"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "102332"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-0304",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-0304",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-99123",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-0304",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-0304",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201712-835",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-99123",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-99123"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011581"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-835"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected. The F5 BIG-IP AFM management UI contains a SQL injection vulnerability. Information may be obtained and information may be altered. \nAn attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nF5 BIG-IP AFM 12.0.0 through 12.1.2 and 13.0.0 are vulnerable. F5 BIG-IP Advanced Firewall Manager (AFM) is a firewall manager from F5 Corporation in the United States that can be extended to prevent high-volume DDoS attacks that can overwhelm load balancers, firewalls, and even networks. The Configuration utility is a configuration tool. A remote attacker could exploit this vulnerability to tamper with a copy of the configured firewall rules.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-0304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011581"
      },
      {
        "db": "BID",
        "id": "102332"
      },
      {
        "db": "VULHUB",
        "id": "VHN-99123"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-0304",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "102332",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1040041",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011581",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-835",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-99123",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-99123"
      },
      {
        "db": "BID",
        "id": "102332"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011581"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-835"
      }
    ]
  },
  "id": "VAR-201712-0225",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-99123"
      }
    ],
    "trust": 0.55130092
  },
  "last_update_date": "2023-12-18T12:50:57.428000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "K39428424",
        "trust": 0.8,
        "url": "https://support.f5.com/csp/article/k39428424"
      },
      {
        "title": "F5 BIG-IP Advanced Firewall Manager Configuration utility SQL Repair measures for injecting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77288"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011581"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-835"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-99123"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011581"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0304"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "https://support.f5.com/csp/article/k39428424"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/102332"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1040041"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0304"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-0304"
      },
      {
        "trust": 0.3,
        "url": "http://www.f5.com/products/big-ip/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-99123"
      },
      {
        "db": "BID",
        "id": "102332"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011581"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-835"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-99123"
      },
      {
        "db": "BID",
        "id": "102332"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011581"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-0304"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-835"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-99123"
      },
      {
        "date": "2017-12-20T00:00:00",
        "db": "BID",
        "id": "102332"
      },
      {
        "date": "2018-01-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011581"
      },
      {
        "date": "2017-12-21T17:29:00.263000",
        "db": "NVD",
        "id": "CVE-2017-0304"
      },
      {
        "date": "2017-12-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-835"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-01-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-99123"
      },
      {
        "date": "2017-12-20T00:00:00",
        "db": "BID",
        "id": "102332"
      },
      {
        "date": "2018-01-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-011581"
      },
      {
        "date": "2018-01-08T15:32:19.147000",
        "db": "NVD",
        "id": "CVE-2017-0304"
      },
      {
        "date": "2017-12-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201712-835"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-835"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in the F5 BIG-IP AFM management UI",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-011581"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201712-835"
      }
    ],
    "trust": 0.6
  }
}


