SB2017111703 - Information disclosure in F5 BIG-IP
Published: November 21, 2017
Security Bulletin ID
SB2017111703
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2017-6168)
The vulnerability allows a remote attacker to gain potentially sensitive information.The weakness exists due to insufficient security restrictions. A remote attacker can gain access to access trusted internal networks, send specially crafted input, conduct an Adaptive Chosen Ciphertext attack against RSA and view encrypted information in plaintext format.
Remediation
Install update from vendor's website.