Details of VAR-201710-1312

ID

VAR-201710-1312

CVE

CVE-2017-6165

TITLE

plural F5 BIG-IP Vulnerability related to information leakage from log files in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-009665

DESCRIPTION

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file. plural F5 BIG-IP The product contains a vulnerability related to information disclosure from log files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple F5 BIG-IP products are prone to a local information-disclosure vulnerability. Successful exploits may allow an attacker to obtain sensitive information that may lead to further attacks. Failed exploit attempts will result in a denial of service condition. F5 BIG-IP LTM, etc. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. The following products and versions are affected: F5 BIG-IP LTM version 12.0.0 to version 12.1.2, version 11.6.0 to version 11.6.1 HF1, version 11.5.1 HF6 to version 11.5.4; BIG-IP AAM 12.0. 0 to 12.1.2, 11.6.0 to 11.6.1 HF1, 11.5.1 HF6 to 11.5.4; BIG-IP AFM 12.0.0 to 12.1.2, 11.6.0 to 11.6 .1 HF1 releases, 11.5.1 HF6 releases to 11.5.4 releases; BIG-IP Analytics 12.0.0 releases to 12.1.2 releases, 11.6.0 releases to 11.6.1 HF1 releases, 11.5.1 HF6 releases to 11.5.4 releases Versions; BIG-IP APM 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 HF1, 11.5.1 HF6 to 11.5.4; BIG-IP ASM 12.0.0 to 12.1.2 Versions, 11.6.0 to 11.6.1 HF1, 11.5.1 HF6 to 11.5.4; BIG-IP DNS 12.0.0 to 12.1.2; BIG-IP GTM 11.6.0 to 11.6.1 HF1 version, 11.5.1 HF6 version to 11.5.4 version; BIG-IP Link Controller version 12.0.0 to 12.1.2 version, 11.6.0 version to 11.6.1 HF1 version, 11.5.1 HF6 version to 11.5.4 version ; BIG-IP PEM version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 HF1, 11.5.1 HF6 to 11.5.4; BIG-IP Websafe 12.0.0 to 12.1.2 , 11.6.0 version to 11.6.1 HF1 version

Trust: 1.98

sources: NVD: CVE-2017-6165 // JVNDB: JVNDB-2017-009665 // BID: 101543 // VULHUB: VHN-114368

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.3	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.1	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.4	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.1	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.0.0	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.0	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.2	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.1	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.0	Trust: 1.6
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.2	Trust: 1.6
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.2	Trust: 1.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.0	Trust: 1.3
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf1	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip pem hf6	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf6	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip gtm hf1	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip gtm hf6	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip asm hf6	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip apm hf6	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf1	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf6	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip afm hf6	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip aam hf6	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip pem hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip gtm hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip gtm hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	ne	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip dns hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip apm hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip afm hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	11.5.5	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip aam hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	11.5.5	Trust: 0.3

sources: BID: 101543 // JVNDB: JVNDB-2017-009665 // CNNVD: CNNVD-201710-998 // NVD: CVE-2017-6165

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-6165
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-6165
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201710-998
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114368
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-6165
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-114368
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-6165
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-114368 // JVNDB: JVNDB-2017-009665 // CNNVD: CNNVD-201710-998 // NVD: CVE-2017-6165

PROBLEMTYPE DATA

problemtype:

CWE-532

Trust: 1.9

sources: VULHUB: VHN-114368 // JVNDB: JVNDB-2017-009665 // NVD: CVE-2017-6165

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-998

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201710-998

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-009665

PATCH

title:	K74759095	url:	https://support.f5.com/csp/article/K74759095	Trust: 0.8
title:	Multiple F5 Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75890	Trust: 0.6

sources: JVNDB: JVNDB-2017-009665 // CNNVD: CNNVD-201710-998

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6165	Trust: 2.8
db:	BID	id:	101543	Trust: 1.4
db:	SECTRACK	id:	1039638	Trust: 1.1
db:	JVNDB	id:	JVNDB-2017-009665	Trust: 0.8
db:	CNNVD	id:	CNNVD-201710-998	Trust: 0.7
db:	VULHUB	id:	VHN-114368	Trust: 0.1

sources: VULHUB: VHN-114368 // BID: 101543 // JVNDB: JVNDB-2017-009665 // CNNVD: CNNVD-201710-998 // NVD: CVE-2017-6165

REFERENCES

url:	https://support.f5.com/csp/article/k74759095	Trust: 2.0
url:	http://www.securityfocus.com/bid/101543	Trust: 1.1
url:	http://www.securitytracker.com/id/1039638	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6165	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6165	Trust: 0.8
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: VULHUB: VHN-114368 // BID: 101543 // JVNDB: JVNDB-2017-009665 // CNNVD: CNNVD-201710-998 // NVD: CVE-2017-6165

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101543

SOURCES

db:	VULHUB	id:	VHN-114368
db:	BID	id:	101543
db:	JVNDB	id:	JVNDB-2017-009665
db:	CNNVD	id:	CNNVD-201710-998
db:	NVD	id:	CVE-2017-6165

LAST UPDATE DATE

2024-11-23T21:40:11.548000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-114368	date:	2017-11-15T00:00:00
db:	BID	id:	101543	date:	2017-10-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-009665	date:	2017-11-17T00:00:00
db:	CNNVD	id:	CNNVD-201710-998	date:	2017-10-31T00:00:00
db:	NVD	id:	CVE-2017-6165	date:	2024-11-21T03:29:10.840

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-114368	date:	2017-10-20T00:00:00
db:	BID	id:	101543	date:	2017-10-20T00:00:00
db:	JVNDB	id:	JVNDB-2017-009665	date:	2017-11-17T00:00:00
db:	CNNVD	id:	CNNVD-201710-998	date:	2017-10-31T00:00:00
db:	NVD	id:	CVE-2017-6165	date:	2017-10-20T15:29:00.537