CVE-2017-6165

Опубликовано: 20 окт. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file.

Ссылки

http://www.securityfocus.com/bid/101543
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039638
Third Party Advisory
VDB Entry
https://support.f5.com/csp/article/K74759095
Vendor Advisory
http://www.securityfocus.com/bid/101543
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039638
Third Party Advisory
VDB Entry
https://support.f5.com/csp/article/K74759095
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_analytics:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_analytics:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_analytics:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_analytics:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_analytics:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_analytics:12.2.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_application_security_manager:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_domain_name_system:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_domain_name_system:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_domain_name_system:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_domain_name_system:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_domain_name_system:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_domain_name_system:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_domain_name_system:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_domain_name_system:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_domain_name_system:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_global_traffic_manager:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_global_traffic_manager:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_link_controller:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_websafe:11.5.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_websafe:11.5.2:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_websafe:11.5.3:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_websafe:11.5.4:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_websafe:11.6.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_websafe:11.6.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_websafe:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_websafe:12.1.0:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_websafe:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:f5:big-ip_websafe:12.1.2:*:*:*:*:*:*:*

cpe:2.3:h:f5:viprion_application_delivery_controller:-:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01951

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-532

Связанные уязвимости

GHSA-4x6p-8h5m-3xj2