ID

VAR-201803-1075


CVE

CVE-2017-6152


TITLE

BIG-IQ Centralized Management Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-012857

DESCRIPTION

A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the Access Manager role has privileges to change the passwords of other users on the system, including the local admin account password. BIG-IQ Centralized Management contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). F5 BIG-IQ Centralized Management is prone to a local privilege escalation vulnerability. Local attackers may exploit this issue to gain elevated privileges. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments.

Trust: 1.98

sources: NVD: CVE-2017-6152 // JVNDB: JVNDB-2017-012857 // BID: 103441 // VULHUB: VHN-114355

AFFECTED PRODUCTS

vendor: f5, model: big-iq centralized management, scope: lte, version: 5.2.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: gte, version: 5.1.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: eq, version: 5.1.0 to 5.2.0

Trust: 0.8

vendor: f5, model: big-iq centralized management, scope: eq, version: 5.2

Trust: 0.3

vendor: f5, model: big-iq centralized management, scope: eq, version: 5.1

Trust: 0.3

vendor: f5, model: big-iq centralized management, scope: ne, version: 5.3

Trust: 0.3

sources: BID: 103441 // JVNDB: JVNDB-2017-012857 // NVD: CVE-2017-6152

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-6152
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6152
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201803-241
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114355
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-6152
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114355
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-6152
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114355 // JVNDB: JVNDB-2017-012857 // CNNVD: CNNVD-201803-241 // NVD: CVE-2017-6152

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-114355 // JVNDB: JVNDB-2017-012857 // NVD: CVE-2017-6152

THREAT TYPE

local

Trust: 0.9

sources: BID: 103441 // CNNVD: CNNVD-201803-241

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201803-241

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012857

PATCH

title: K35195140: BIG-IQ Access Manager role vulnerability CVE-2017-6152
url: https://support.f5.com/csp/article/K35195140

Trust: 0.8

title: F5 BIG-IQ Centralized Management Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78977

Trust: 0.6

sources: JVNDB: JVNDB-2017-012857 // CNNVD: CNNVD-201803-241

EXTERNAL IDS

db: NVD, id: CVE-2017-6152

Trust: 2.8

db: BID, id: 103441

Trust: 2.0

db: JVNDB, id: JVNDB-2017-012857

Trust: 0.8

db: CNNVD, id: CNNVD-201803-241

Trust: 0.6

db: VULHUB, id: VHN-114355

Trust: 0.1

sources: VULHUB: VHN-114355 // BID: 103441 // JVNDB: JVNDB-2017-012857 // CNNVD: CNNVD-201803-241 // NVD: CVE-2017-6152

REFERENCES

url:https://support.f5.com/csp/article/k35195140

Trust: 2.0

url:http://www.securityfocus.com/bid/103441

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6152

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6152

Trust: 0.8

url:http://www.f5.com/

Trust: 0.3

sources: VULHUB: VHN-114355 // BID: 103441 // JVNDB: JVNDB-2017-012857 // CNNVD: CNNVD-201803-241 // NVD: CVE-2017-6152

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103441

SOURCES

db: VULHUB, id: VHN-114355
db: BID, id: 103441
db: JVNDB, id: JVNDB-2017-012857
db: CNNVD, id: CNNVD-201803-241
db: NVD, id: CVE-2017-6152

LAST UPDATE DATE

2024-11-23T22:00:40.269000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114355, date: 2019-10-03T00:00:00
db: BID, id: 103441, date: 2018-03-08T00:00:00
db: JVNDB, id: JVNDB-2017-012857, date: 2018-04-24T00:00:00
db: CNNVD, id: CNNVD-201803-241, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-6152, date: 2024-11-21T03:29:09.110

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114355, date: 2018-03-08T00:00:00
db: BID, id: 103441, date: 2018-03-08T00:00:00
db: JVNDB, id: JVNDB-2017-012857, date: 2018-04-24T00:00:00
db: CNNVD, id: CNNVD-201803-241, date: 2018-03-09T00:00:00
db: NVD, id: CVE-2017-6152, date: 2018-03-08T14:29:00.303