Multiple vulnerabilities in F5 BIG-IP

Published: 2017-10-30 14:47:06
Severity Low
Patch available YES
Number of vulnerabilities 7
CVSSv2 3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
7 (AV:N/AC:L/Au:N/C:C/I:C/A:N/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
2.4 (AV:A/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
CVSSv3 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
3.6 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE ID CVE-2017-6159
CVE-2017-6160
CVE-2017-0303
CVE-2017-6157
CVE-2017-6163
CVE-2017-6161
CVE-2017-6162
CWE ID CWE-284
CWE-20
CWE-400
Exploitation vector Network
Public exploit Not available
Vulnerable software BIG-IP LTM
BIG-IP AAM
BIG-IP AFM
BIG-IP Analytics
BIG-IP APM
BIG-IP ASM
BIG-IP GTM
BIG-IP DNS
BIG-IP Link Controller
BIG-IP PEM
BIG-IP WebSafe
BIG-IP PSM
BIG-IP WebAccelerator
BIG-IP Edge Gateway
Vulnerable software versions BIG-IP LTM 11.6.0
BIG-IP LTM 11.6.1
BIG-IP LTM 12.0.1
Show more
BIG-IP AAM 12.0.1
BIG-IP AAM 12.0.0 HF4
BIG-IP AAM 12.1.0 HF1
Show more
BIG-IP AFM 11.6.0
BIG-IP AFM 11.6.1
BIG-IP AFM 12.0.1
Show more
BIG-IP Analytics 12.0.1
BIG-IP Analytics 12.1.2
BIG-IP Analytics 12.0.0
Show more
BIG-IP APM 11.6.0
BIG-IP APM 11.6.1
BIG-IP APM 12.0.1
Show more
BIG-IP ASM 12.0.1
BIG-IP ASM 12.1.0 HF1
BIG-IP ASM 12.0.0 HF4
Show more
BIG-IP GTM 11.6.0
BIG-IP GTM 11.6.1
BIG-IP GTM 11.5.4
Show more
BIG-IP DNS 12.0.0 HF4
BIG-IP DNS 12.0.0 HF3
BIG-IP DNS 12.0.0 HF1
Show more
BIG-IP Link Controller 12.1.0 HF1
BIG-IP Link Controller 12.0.0 HF4
BIG-IP Link Controller 12.0.0 HF3
Show more
BIG-IP PEM 11.6.0
BIG-IP PEM 11.6.1
BIG-IP PEM 12.1.0 HF1
Show more
BIG-IP WebSafe 12.1.1
BIG-IP WebSafe 12.1.0 HF1
BIG-IP WebSafe 12.1.0
Show more
BIG-IP PSM 11.4.1
BIG-IP PSM 11.4.0
BIG-IP WebAccelerator 11.2.1
BIG-IP Edge Gateway 11.2.1
Vendor URL F5 Networks, Inc.
Advisory type Public

Security Advisory

1) Denial of service

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the due to the MPTCP option is enabled on a virtual server. A remote attacker can use the MPTCP option of a TCP profile and cause TMM to restart hence temporarily failing to process traffic.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

External links

https://support.f5.com/csp/article/K10002335

2) Denial of service

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the virtual servers using a Policy Enforcement profile or a Web Acceleration profile due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request to cause Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

External links

https://support.f5.com/csp/article/K19430431

3) Resource exhaustion

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to an error when removing connections handled by a virtual server with an associated SOCKS profile from the connection table when the connections are finished. A remote attacker can consume all available connection resources and cause the system to be unable to process additional connections.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

External links

https://support.f5.com/csp/article/K30201296

4) Security restrictions bypass

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists in the virtual servers with a configuration that uses the HTTP Explicit Proxy function and/or a SOCKS profile. A remote attacker can modify BIG-IP system configuration, extract sensitive system files, and/or possible execute arbitrary command on the BIG-IP system.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

External links

https://support.f5.com/csp/article/K02692210

5) Denial of service

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile. A remote attacker can send a large number of connections greater than the advertised limit to disrupt Traffic Management Microkernel (TMM) data plane service.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

External links

https://support.f5.com/csp/article/K22541983

6) Resource exhaustion

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to a flaw in configuration synchronization (ConfigSync). A remote attacker can bypass the TLS protections on connections to the master control program daemon (MCPD), consume excessive resources and cause the application to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

External links

https://support.f5.com/csp/article/K62279530

7) Improper input validation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in virtual servers configured with a TCP profile due to improper input validation. A remote attacker can send specially crafted TCP traffic to cause the target Traffic Management Microkernel (TMM) to restart.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

External links

https://support.f5.com/csp/article/K13421245

Back to List