Denial of service in F5 Networks products

Published: 2017-09-19

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Denial of service


Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6147

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No


The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the SSL Forward Proxy feature of multiple F5 Networks BIG-IP products due to improper processing of undisclosed requests. A remote attacker can send series of undisclosed requests, trigger the "SSL Forward Proxy" setup to connect to untrusted servers and cause the Traffic Management Microkernel (TMM) component to restart.

Successful exploitation of the vulnerability results in denial of service.

Note: This vulnerability affects only devices running a BIG-IP virtual server that has the SSL Forward Proxy option enabled in the assigned client and server SSL profiles.


The vulnerability is addressed in the following versions:
12.0.0 - 12.1.2 for BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebSafe.
11.4.0 - 11.6.1 for BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM.
11.2.1 for BIG-IP LTM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller.

Vulnerable software versions

BIG-IP Analytics: 12.1.2 HF1 - 13.0.0

BIG-IP WebSafe: 12.1.2 HF1 - 13.0.0

BIG-IP PEM: 12.1.2 HF1 - 13.0.0

BIG-IP Link Controller: 12.1.2 HF1 - 13.0.0

BIG-IP DNS: 12.1.2 HF1 - 13.0.0

BIG-IP ASM: 12.1.2 HF1 - 13.0.0

BIG-IP APM: 12.1.2 HF1 - 13.0.0

BIG-IP AFM: 12.1.2 HF1 - 13.0.0

BIG-IP AAM: 12.1.2 HF1 - 13.0.0

BIG-IP LTM: 12.1.2 HF1 - 13.0.0

External links

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.