Details of VAR-201710-1063

ID

VAR-201710-1063

CVE

CVE-2017-6141

TITLE

plural F5 BIG-IP Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-009662

DESCRIPTION

In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and WebSafe 12.1.0 through 12.1.2, certain values in a TLS abbreviated handshake when using a client SSL profile with the Session Ticket option enabled may cause disruption of service to the Traffic Management Microkernel (TMM). The Session Ticket option is disabled by default. plural F5 BIG-IP The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. Several F5 products have security vulnerabilities. Attackers can exploit this vulnerability to cause the Traffic Management Microkernel to restart and temporarily fail to process traffic

Trust: 1.71

sources: NVD: CVE-2017-6141 // JVNDB: JVNDB-2017-009662 // VULHUB: VHN-114344

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.2	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.0	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.2	Trust: 1.6
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.0	Trust: 1.6
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.2	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.0	Trust: 1.6
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.1	Trust: 1.6
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.1	Trust: 1.6
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.0	Trust: 1.6
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.1	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.0 to 12.1.2	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.0 to 12.1.2	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.0 to 12.1.2	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.0 to 12.1.2	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.0 to 12.1.2	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.0 to 12.1.2	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.0 to 12.1.2	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.0 to 12.1.2	Trust: 0.8

sources: JVNDB: JVNDB-2017-009662 // CNNVD: CNNVD-201702-779 // NVD: CVE-2017-6141

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6141
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2017-6141
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201702-779
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114344
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6141
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114344
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6141
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114344 // JVNDB: JVNDB-2017-009662 // CNNVD: CNNVD-201702-779 // NVD: CVE-2017-6141

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-114344 // JVNDB: JVNDB-2017-009662 // NVD: CVE-2017-6141

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-779

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201702-779

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009662

PATCH

title:

K21154730

url:

https://support.f5.com/csp/article/K21154730

Trust: 0.8

sources: JVNDB: JVNDB-2017-009662

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6141	Trust: 2.5
db:	JVNDB	id:	JVNDB-2017-009662	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-779	Trust: 0.7
db:	VULHUB	id:	VHN-114344	Trust: 0.1

sources: VULHUB: VHN-114344 // JVNDB: JVNDB-2017-009662 // CNNVD: CNNVD-201702-779 // NVD: CVE-2017-6141

REFERENCES

url:	https://support.f5.com/csp/article/k21154730	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6141	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6141	Trust: 0.8

sources: VULHUB: VHN-114344 // JVNDB: JVNDB-2017-009662 // CNNVD: CNNVD-201702-779 // NVD: CVE-2017-6141

SOURCES

db:	VULHUB	id:	VHN-114344
db:	JVNDB	id:	JVNDB-2017-009662
db:	CNNVD	id:	CNNVD-201702-779
db:	NVD	id:	CVE-2017-6141

LAST UPDATE DATE

2024-11-23T23:08:54.721000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114344	date:	2017-11-15T00:00:00
db:	JVNDB	id:	JVNDB-2017-009662	date:	2017-11-17T00:00:00
db:	CNNVD	id:	CNNVD-201702-779	date:	2017-10-31T00:00:00
db:	NVD	id:	CVE-2017-6141	date:	2024-11-21T03:29:07.947

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114344	date:	2017-10-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-009662	date:	2017-11-17T00:00:00
db:	CNNVD	id:	CNNVD-201702-779	date:	2017-02-23T00:00:00
db:	NVD	id:	CVE-2017-6141	date:	2017-10-20T15:29:00.393