CVE-2017-6161
high-risk
Published 2017-10-27
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypt and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion.
Do I need to act?
2.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.3/10 · Medium
ADJACENT_NETWORK / HIGH complexity
Affected Products (20)
Affected Vendors
References
Third Party Advisory
http://www.securityfocus.com/bid/101636
Third Party Advisory
http://www.securitytracker.com/id/1039675
Third Party Advisory
http://www.securitytracker.com/id/1039676
Vendor Advisory
https://support.f5.com/csp/article/K62279530
51 / 100 · high-risk
Severity
14/34 · Moderate
Exploitability
6/34 · Minimal
Exposure
31/34 · Critical