ID

VAR-201804-0507


CVE

CVE-2017-6143


TITLE

F5 BIG-IP Vulnerabilities related to certificate validation

Trust: 0.8

sources: JVNDB: JVNDB-2017-013263

DESCRIPTION

X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11.5.5. F5 BIG-IP contains a certificate validation vulnerability. Information may be obtained and information may be altered. Both F5 BIG-IP AFM and ASM are products of F5 Company in the United States. F5 BIG-IP AFM is an advanced firewall product for mitigating DDoS attacks. ASM is a web application firewall (WAF) that provides secure remote access, protects email, and simplifies web access control while enhancing network and application performance. There is a security vulnerability in F5 BIG-IP AFM and ASM, which is caused by the program not correctly verifying the identity of the remote server. An attacker could exploit this vulnerability to take control of intelligence data. The following products and versions are affected: F5 BIG-IP AFM version 12.1.0 to 12.1.2, 11.6.1 to 11.6.2, 11.5.1 to 11.5.5; BIG-IP ASM version 12.1.0 to version 12.1.2, version 11.6.1 to version 11.6.2, version 11.5.1 to version 11.5.5.

Trust: 1.71

sources: NVD: CVE-2017-6143 // JVNDB: JVNDB-2017-013263 // VULHUB: VHN-114346

AFFECTED PRODUCTS

vendor: f5, model: big-ip application security manager, scope: gte, version: 11.5.1

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: gte, version: 11.5.1

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: gte, version: 11.6.1

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: gte, version: 11.6.1

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: gte, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: lte, version: 11.5.5

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: gt, version: 12.1.0

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: lte, version: 12.1.2

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: lte, version: 11.6.2

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: lte, version: 11.5.5

Trust: 1.0

vendor: f5, model: big-ip application security manager, scope: lte, version: 11.6.2

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: lte, version: 12.1.2

Trust: 1.0

vendor: f5, model: big-ip advanced firewall manager, scope: -, version: -

Trust: 0.8

vendor: f5, model: big-ip application security manager, scope: -, version: -

Trust: 0.8

vendor: f5, model: big-ip advanced firewall manager, scope: eq, version: 11.6.1

Trust: 0.6

vendor: f5, model: big-ip application security manager, scope: eq, version: 11.5.4

Trust: 0.6

vendor: f5, model: big-ip application security manager, scope: eq, version: 12.1.1

Trust: 0.6

vendor: f5, model: big-ip application security manager, scope: eq, version: 11.5.3

Trust: 0.6

vendor: f5, model: big-ip application security manager, scope: eq, version: 11.5.1

Trust: 0.6

vendor: f5, model: big-ip advanced firewall manager, scope: eq, version: 12.1.0

Trust: 0.6

vendor: f5, model: big-ip application security manager, scope: eq, version: 11.5.5

Trust: 0.6

vendor: f5, model: big-ip application security manager, scope: eq, version: 11.6.1

Trust: 0.6

vendor: f5, model: big-ip application security manager, scope: eq, version: 11.5.2

Trust: 0.6

vendor: f5, model: big-ip advanced firewall manager, scope: eq, version: 12.1.1

Trust: 0.6

sources: JVNDB: JVNDB-2017-013263 // CNNVD: CNNVD-201702-777 // NVD: CVE-2017-6143

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6143
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6143
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201702-777
value: MEDIUM

Trust: 0.6

VULHUB: VHN-114346
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6143
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-114346
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6143
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-114346 // JVNDB: JVNDB-2017-013263 // CNNVD: CNNVD-201702-777 // NVD: CVE-2017-6143

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.9

sources: VULHUB: VHN-114346 // JVNDB: JVNDB-2017-013263 // NVD: CVE-2017-6143

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-777

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201702-777

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013263

PATCH

title: K11464209, url: https://support.f5.com/csp/article/K11464209

Trust: 0.8

sources: JVNDB: JVNDB-2017-013263

EXTERNAL IDS

db: NVD, id: CVE-2017-6143

Trust: 2.5

db: JVNDB, id: JVNDB-2017-013263

Trust: 0.8

db: CNNVD, id: CNNVD-201702-777

Trust: 0.7

db: VULHUB, id: VHN-114346

Trust: 0.1

sources: VULHUB: VHN-114346 // JVNDB: JVNDB-2017-013263 // CNNVD: CNNVD-201702-777 // NVD: CVE-2017-6143

REFERENCES

url:https://support.f5.com/csp/article/k11464209

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6143

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6143

Trust: 0.8

sources: VULHUB: VHN-114346 // JVNDB: JVNDB-2017-013263 // CNNVD: CNNVD-201702-777 // NVD: CVE-2017-6143

SOURCES

db: VULHUB, id: VHN-114346
db: JVNDB, id: JVNDB-2017-013263
db: CNNVD, id: CNNVD-201702-777
db: NVD, id: CVE-2017-6143

LAST UPDATE DATE

2024-11-23T22:38:14.251000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-114346, date: 2018-05-21T00:00:00
db: JVNDB, id: JVNDB-2017-013263, date: 2018-06-13T00:00:00
db: CNNVD, id: CNNVD-201702-777, date: 2018-04-17T00:00:00
db: NVD, id: CVE-2017-6143, date: 2024-11-21T03:29:08.210

SOURCES RELEASE DATE

db: VULHUB, id: VHN-114346, date: 2018-04-13T00:00:00
db: JVNDB, id: JVNDB-2017-013263, date: 2018-06-13T00:00:00
db: CNNVD, id: CNNVD-201702-777, date: 2017-02-23T00:00:00
db: NVD, id: CVE-2017-6143, date: 2018-04-13T13:29:00.207