Details of VAR-201709-0914

ID

VAR-201709-0914

CVE

CVE-2017-6147

TITLE

plural F5 BIG-IP Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-008410

DESCRIPTION

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.1.2-HF1 and 13.0.0, an undisclosed type of responses may cause TMM to restart, causing an interruption of service when "SSL Forward Proxy" setting is enabled in both the Client and Server SSL profiles assigned to a BIG-IP Virtual Server. plural F5 BIG-IP The product contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple F5 BIG-IP products are prone to a denial-of-service vulnerability. An attacker can exploit this issue to restart the device, resulting in denial-of-service condition. F5 BIG-IP Analytics and others are products of F5 Corporation of the United States. F5 BIG-IP Analytics is a suite of web application performance analysis software. APM is a set of solutions that provide secure and unified access to business-critical applications and networks. LTM is a local traffic manager. An attacker could exploit this vulnerability with a sequence of requests to cause a denial of service (Traffic Management Microkernel restart and traffic interruption). The following products and versions are affected: F5 BIG-IP LTM Release 13.0.0, Release 12.1.2 HF1; BIG-IP AAM Release 13.0.0, Release 12.1.2 HF1; BIG-IP AFM Release 13.0.0, Release 12.1.2 HF1 version; BIG-IP Analytics version 13.0.0, 12.1.2 HF1 version; BIG-IP APM version 13.0.0, 12.1.2 HF1 version; BIG-IP ASM version 13.0.0, 12.1.2 HF1 version; IP DNS Version 13.0.0, Version 12.1.2 HF1; BIG-IP Link Controller Version 13.0.0, Version 12.1.2 HF1; BIG-IP PEM Version 13.0.0, Version 12.1.2 HF1; BIG-IP WebSafe 13.0. 0 version, 12.1.2 HF1 version

Trust: 1.98

sources: NVD: CVE-2017-6147 // JVNDB: JVNDB-2017-008410 // BID: 100981 // VULHUB: VHN-114350

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.2	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	13.0.0	Trust: 1.6
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.0.0	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.2	Trust: 1.6
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.2	Trust: 1.6
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	13.0.0	Trust: 1.6
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.2	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.2	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	13.0.0	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.2	Trust: 1.6
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf1	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf1	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip dns hf1	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf1	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf1	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf3	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf2	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf1	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip pem hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip pem hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem hf3	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem hf2	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm build	scope:	ne	version:	12.01.14.628	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf3	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf1	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf3	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf2	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller build	scope:	ne	version:	12.01.14.628	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf1	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip dns hf3	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip dns hf2	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip dns build	scope:	ne	version:	12.01.14.628	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip dns hf1	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip asm hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip asm hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	ne	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf3	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf2	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip apm hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip apm hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf3	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf2	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip apm build	scope:	ne	version:	12.01.14.628	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics build	scope:	ne	version:	12.01.14.628	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf3	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf2	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf1	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip afm hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip afm hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip afm build	scope:	ne	version:	12.01.14.628	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf3	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf2	scope:	ne	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	ne	version:	12.0.0	Trust: 0.3

sources: BID: 100981 // JVNDB: JVNDB-2017-008410 // CNNVD: CNNVD-201702-773 // NVD: CVE-2017-6147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6147
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6147
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201702-773
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114350
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6147
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114350
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6147
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114350 // JVNDB: JVNDB-2017-008410 // CNNVD: CNNVD-201702-773 // NVD: CVE-2017-6147

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-114350 // JVNDB: JVNDB-2017-008410 // NVD: CVE-2017-6147

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-773

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201702-773

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008410

PATCH

title:	K43945001	url:	https://support.f5.com/csp/article/K43945001	Trust: 0.8
title:	Multiple F5 Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99650	Trust: 0.6

sources: JVNDB: JVNDB-2017-008410 // CNNVD: CNNVD-201702-773

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6147	Trust: 2.8
db:	BID	id:	100981	Trust: 2.0
db:	JVNDB	id:	JVNDB-2017-008410	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-773	Trust: 0.7
db:	VULHUB	id:	VHN-114350	Trust: 0.1

sources: VULHUB: VHN-114350 // BID: 100981 // JVNDB: JVNDB-2017-008410 // CNNVD: CNNVD-201702-773 // NVD: CVE-2017-6147

REFERENCES

url:	https://support.f5.com/csp/article/k43945001	Trust: 2.0
url:	http://www.securityfocus.com/bid/100981	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6147	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6147	Trust: 0.8
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: VULHUB: VHN-114350 // BID: 100981 // JVNDB: JVNDB-2017-008410 // CNNVD: CNNVD-201702-773 // NVD: CVE-2017-6147

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 100981

SOURCES

db:	VULHUB	id:	VHN-114350
db:	BID	id:	100981
db:	JVNDB	id:	JVNDB-2017-008410
db:	CNNVD	id:	CNNVD-201702-773
db:	NVD	id:	CVE-2017-6147

LAST UPDATE DATE

2024-11-23T21:53:46.762000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114350	date:	2019-10-03T00:00:00
db:	BID	id:	100981	date:	2017-09-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-008410	date:	2017-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201702-773	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-6147	date:	2024-11-21T03:29:08.580

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114350	date:	2017-09-18T00:00:00
db:	BID	id:	100981	date:	2017-09-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-008410	date:	2017-10-17T00:00:00
db:	CNNVD	id:	CNNVD-201702-773	date:	2017-02-23T00:00:00
db:	NVD	id:	CVE-2017-6147	date:	2017-09-18T17:29:01.907