exploitDog

CVE-2017-6166

Опубликовано: 22 нояб. 2017

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.

Ссылки

http://www.securityfocus.com/bid/102264
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039949
Third Party Advisory
VDB Entry
https://support.f5.com/csp/article/K65615624
Issue Tracking
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/102264
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039949
Third Party Advisory
VDB Entry
https://support.f5.com/csp/article/K65615624
Issue Tracking
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:f5:big-ip_afm:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.1.1 (включая)

cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.1.1 (включая)

cpe:2.3:a:f5:big-ip_apm:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.1.1 (включая)

cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.1.1 (включая)

cpe:2.3:a:f5:big-ip_asm:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.1.1 (включая)

cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.1.1 (включая)

cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.1.1 (включая)

cpe:2.3:a:f5:big-ip_ltm:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.1.1 (включая)

cpe:2.3:a:f5:big-ip_pem:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.1.1 (включая)

cpe:2.3:a:f5:f5_websafe:*:*:*:*:*:*:*:*

Версия от 12.0.0 (включая) до 12.1.1 (включая)

cpe:2.3:a:f5:linerate:*:*:*:*:*:*:*:*

Версия от 2.5.0 (включая) до 2.6.2 (включая)

EPSS

Процентиль: 79%

0.01202

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-415

Связанные уязвимости

GHSA-j35v-h5m8-p59m

CVSS3: 5.9

github

больше 3 лет назад

In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.

EPSS

Процентиль: 79%

0.01202

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-415