Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-6162

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects TMM via a virtual server configured with TCP profile. Traffic processing is disrupted while Traffic Management Microkernel (TMM) restarts. If the affected BIG-IP system is configured to be part of a device group, it will trigger a failover to the peer device.

Published

2017-10-27T14:29:00.450

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-119
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application f5 big-ip_local_traffic_manager ≤ 11.5.4 Yes
Application f5 big-ip_local_traffic_manager 11.2.1 Yes
Application f5 big-ip_local_traffic_manager 11.6.0 Yes
Application f5 big-ip_local_traffic_manager 11.6.1 Yes
Application f5 big-ip_local_traffic_manager 12.0.0 Yes
Application f5 big-ip_local_traffic_manager 12.1.0 Yes
Application f5 big-ip_local_traffic_manager 12.1.1 Yes
Application f5 big-ip_application_acceleration_manager ≤ 11.5.4 Yes
Application f5 big-ip_application_acceleration_manager 11.2.1 Yes
Application f5 big-ip_application_acceleration_manager 11.6.0 Yes
Application f5 big-ip_application_acceleration_manager 11.6.1 Yes
Application f5 big-ip_application_acceleration_manager 12.0.0 Yes
Application f5 big-ip_application_acceleration_manager 12.1.0 Yes
Application f5 big-ip_application_acceleration_manager 12.1.1 Yes
Application f5 big-ip_advanced_firewall_manager ≤ 11.5.4 Yes
Application f5 big-ip_advanced_firewall_manager 11.2.1 Yes
Application f5 big-ip_advanced_firewall_manager 11.6.0 Yes
Application f5 big-ip_advanced_firewall_manager 11.6.1 Yes
Application f5 big-ip_advanced_firewall_manager 12.0.0 Yes
Application f5 big-ip_advanced_firewall_manager 12.1.0 Yes
Application f5 big-ip_advanced_firewall_manager 12.1.1 Yes
Application f5 big-ip_access_policy_manager ≤ 11.5.4 Yes
Application f5 big-ip_access_policy_manager 11.2.1 Yes
Application f5 big-ip_access_policy_manager 11.6.0 Yes
Application f5 big-ip_access_policy_manager 11.6.1 Yes
Application f5 big-ip_access_policy_manager 12.0.0 Yes
Application f5 big-ip_access_policy_manager 12.1.0 Yes
Application f5 big-ip_access_policy_manager 12.1.1 Yes
Application f5 big-ip_application_security_manager ≤ 11.5.4 Yes
Application f5 big-ip_application_security_manager 11.2.1 Yes
Application f5 big-ip_application_security_manager 11.6.0 Yes
Application f5 big-ip_application_security_manager 11.6.1 Yes
Application f5 big-ip_application_security_manager 12.0.0 Yes
Application f5 big-ip_application_security_manager 12.1.0 Yes
Application f5 big-ip_application_security_manager 12.1.1 Yes
Application f5 big-ip_link_controller ≤ 11.5.4 Yes
Application f5 big-ip_link_controller 11.2.1 Yes
Application f5 big-ip_link_controller 11.6.0 Yes
Application f5 big-ip_link_controller 11.6.1 Yes
Application f5 big-ip_link_controller 12.0.0 Yes
Application f5 big-ip_link_controller 12.1.0 Yes
Application f5 big-ip_link_controller 12.1.1 Yes
Application f5 big-ip_policy_enforcement_manager ≤ 11.5.4 Yes
Application f5 big-ip_policy_enforcement_manager 11.2.1 Yes
Application f5 big-ip_policy_enforcement_manager 11.6.0 Yes
Application f5 big-ip_policy_enforcement_manager 11.6.1 Yes
Application f5 big-ip_policy_enforcement_manager 12.0.0 Yes
Application f5 big-ip_policy_enforcement_manager 12.1.0 Yes
Application f5 big-ip_policy_enforcement_manager 12.1.1 Yes
Application f5 big-ip_websafe 1.0.0 Yes
References