Multiple vulnerabilities in F5 BIG-IP



Published: 2017-10-30
Risk: Low
Patch available: YES
Number of vulnerabilities: 7
CVE-ID: CVE-2017-6159, CVE-2017-6160, CVE-2017-0303, CVE-2017-6157, CVE-2017-6163, CVE-2017-6161, CVE-2017-6162
CWE-ID: CWE-284, CWE-20, CWE-400
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
BIG-IP LTM
Hardware solutions / Security hardware appliances

BIG-IP AFM
Hardware solutions / Security hardware appliances

BIG-IP Analytics
Hardware solutions / Security hardware appliances

BIG-IP APM
Hardware solutions / Security hardware appliances

BIG-IP ASM
Hardware solutions / Security hardware appliances

BIG-IP GTM
Hardware solutions / Security hardware appliances

BIG-IP PEM
Hardware solutions / Security hardware appliances

BIG-IP PSM
Hardware solutions / Security hardware appliances

BIG-IP AAM
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP DNS
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP Link Controller
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP WebAccelerator
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP Edge Gateway
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP WebSafe
Server applications / Server solutions for antivirus protection

Vendor F5 Networks

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Denial of service

EUVDB-ID: #VU8981

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6159

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists when the MPTCP option of a TCP profile is enabled on a virtual server. A remote attacker can use the MPTCP option to cause the Traffic Management Microkernel (TMM) to restart, so that it temporarily fails to process traffic.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

BIG-IP LTM: 11.6.0 - 12.1.2

BIG-IP AAM: 11.6.0 - 12.1.2

BIG-IP AFM: 11.6.0 - 12.1.2

BIG-IP Analytics: 11.6.0 - 12.1.2

BIG-IP APM: 11.6.0 - 12.1.2

BIG-IP ASM: 11.6.0 - 12.1.2

BIG-IP GTM: 11.6.0 - 11.6.1

BIG-IP DNS: 12.0.0 - 12.1.2

BIG-IP Link Controller: 11.6.0 - 12.1.2

BIG-IP PEM: 11.6.0 - 12.1.2

BIG-IP WebSafe: 11.6.0 - 12.1.1

External links

http://support.f5.com/csp/article/K10002335


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Denial of service

EUVDB-ID: #VU8982

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6160

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in virtual servers using a Policy Enforcement profile or a Web Acceleration profile due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request to cause the Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

BIG-IP AAM: 11.4.0 HF4 - 12.1.1

BIG-IP PEM: 11.5.1 HF6 - 12.1.1

External links

http://support.f5.com/csp/article/K19430431


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU8983

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-0303

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to an error when removing connections handled by a virtual server with an associated SOCKS profile from the connection table when the connections are finished. A remote attacker can consume all available connection resources and cause the system to be unable to process additional connections.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

BIG-IP LTM: 11.5.1 HF6 - 13.0.0

BIG-IP AAM: 11.5.1 - 13.0.0

: 11.5.1 HF6 - 13.0.0

BIG-IP Analytics: 11.5.1 HF6 - 13.0.0

: 11.5.1 HF6 - 13.0.0

BIG-IP ASM: 11.5.1 HF6 - 13.0.0

BIG-IP GTM: 11.5.1 HF6 - 11.6.1

: 12.0.0 - 13.0.0

BIG-IP Link Controller: 11.5.4 - 13.0.0

: 11.5.1 HF6 - 13.0.0

BIG-IP WebSafe: 11.6.0 - 13.0.0

External links

http://support.f5.com/csp/article/K30201296


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Security restrictions bypass

EUVDB-ID: #VU8984

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6157

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists in virtual servers with a configuration that uses the HTTP Explicit Proxy function and/or a SOCKS profile. A remote attacker can modify the BIG-IP system configuration, extract sensitive system files, and/or possibly execute arbitrary commands on the BIG-IP system.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install update from vendor's website.

Vulnerable software versions

BIG-IP WebSafe: 11.6.0 - 12.1.1

BIG-IP PEM: 11.5.1 HF6 - 12.1.1

BIG-IP Link Controller: 11.5.4 - 12.1.1

BIG-IP ASM: 11.5.4 - 12.1.1

BIG-IP APM: 11.5.4 - 12.1.1

BIG-IP AFM: 11.5.1 HF6 - 12.1.1

BIG-IP AAM: 11.5.0 - 12.1.1

BIG-IP LTM: 11.5.1 HF6 - 12.1.1

External links

http://support.f5.com/csp/article/K02692210


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Denial of service

EUVDB-ID: #VU8985

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6163

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists when a virtual server uses the standard configuration of an HTTP/2 or SPDY profile with a Client SSL profile. A remote attacker can send a large number of connections, greater than the advertised limit, to disrupt the Traffic Management Microkernel (TMM) data plane service.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

BIG-IP PSM: 11.4.0 - 11.4.1

BIG-IP PEM: 11.5.1 HF6 - 12.1.2

BIG-IP Link Controller: 11.5.1 HF6 - 12.1.2

BIG-IP ASM: 11.5.1 HF6 - 12.1.2

BIG-IP APM: 11.5.1 HF6 - 12.1.2

BIG-IP AFM: 11.4.0 - 12.1.2

BIG-IP AAM: 11.4.0 - 12.1.2

BIG-IP LTM: 11.4.0 - 12.1.2

External links

http://support.f5.com/csp/article/K22541983


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource exhaustion

EUVDB-ID: #VU8986

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6161

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a flaw in configuration synchronization (ConfigSync). A remote attacker can bypass the TLS protections on connections to the master control program daemon (MCPD), consume excessive resources and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

BIG-IP WebAccelerator: 11.2.1

BIG-IP PSM: 11.4.0 - 11.4.1

BIG-IP PEM: 11.4.0 - 12.1.2

BIG-IP Link Controller: 11.2.1 - 12.1.2

BIG-IP GTM: 11.2.1 - 11.6.1

BIG-IP Edge Gateway: 11.2.1

BIG-IP DNS: 12.0.0 - 12.1.2

BIG-IP ASM: 11.2.1 - 12.1.2

BIG-IP APM: 11.2.1 - 12.1.2

BIG-IP Analytics: 11.2.1 - 12.1.2

BIG-IP AFM: 11.4.0 - 12.1.2

BIG-IP AAM: 11.4.0 - 12.1.2

BIG-IP LTM: 11.2.1 - 12.1.2

External links

http://support.f5.com/csp/article/K62279530


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU8987

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6162

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists in virtual servers configured with a TCP profile due to improper input validation. A remote attacker can send specially crafted TCP traffic to cause the target Traffic Management Microkernel (TMM) to restart.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Install update from vendor's website.

Vulnerable software versions

BIG-IP PSM: 11.4.1

BIG-IP WebAccelerator: 11.2.1

BIG-IP WebSafe: 11.6.0 - 12.1.2

BIG-IP Edge Gateway: 11.2.1

BIG-IP DNS: 12.0.0 - 12.1.2

BIG-IP PEM: 11.4.0 - 12.1.2

BIG-IP Link Controller: 11.2.1 - 12.1.2

BIG-IP GTM: 11.2.1 - 11.6.1

BIG-IP ASM: 11.2.1 - 12.1.2

BIG-IP APM: 11.2.1 - 12.1.2

BIG-IP Analytics: 11.2.1 - 12.1.2

BIG-IP AFM: 11.4.0 - 12.1.2

BIG-IP AAM: 11.4.0 - 12.1.2

BIG-IP LTM: 11.2.1 - 12.1.2

External links

http://support.f5.com/csp/article/K13421245


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


