CVE-2014-6031

high-risk

Published 2017-06-08

Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before 10.2.4 HF12, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x before 11.4.1 HF9, 11.5.x before 11.5.2 HF1, and 11.6.0 before HF4, and Enterprise Manager 2.1.0 through 2.3.0 and 3.x before 3.1.1 HF5 allows remote authenticated administrators to cause a denial of service via unspecified vectors.

Do I need to act?

-

0.47% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

4

CVSS 4.9/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Application Acceleration Manager

Big-Ip Advanced Firewall Manager

Big-Ip Advanced Firewall Manager

Big-Ip Advanced Firewall Manager

Big-Ip Advanced Firewall Manager

Big-Ip Advanced Firewall Manager

Big-Ip Advanced Firewall Manager

Big-Ip Analytics

Big-Ip Analytics

Big-Ip Analytics

Affected Vendors

F5

References (2)

Vendor Advisory https://support.f5.com/csp/article/K16196

Vendor Advisory https://support.f5.com/csp/article/K16196

55

/ 100

high-risk

Severity 20/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 33/34 · Critical