CVE-2017-6131

high-risk

Published 2017-05-23

In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.

Do I need to act?

0.78% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Big-Ip Local Traffic Manager

Big-Ip Application Acceleration Manager

Big-Ip Advanced Firewall Manager

Big-Ip Access Policy Manager

Big-Ip Application Security Manager

Big-Ip Domain Name System

Big-Ip Link Controller

Affected Vendors

References (4)

http://www.securitytracker.com/id/1038569

Permissions Required https://support.f5.com/csp/article/K61757346

http://www.securitytracker.com/id/1038569

Permissions Required https://support.f5.com/csp/article/K61757346

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 3/34 · Minimal

Exposure 25/34 · High