| Field | Value |
|---|---|
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2017-0304, CVE-2017-0301, CVE-2017-6140 |
| CWE-ID | CWE-89, CWE-284, CWE-20 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software | BIG-IP AFM, BIG-IP APM, BIG-IP LTM, BIG-IP Analytics, BIG-IP ASM, BIG-IP GTM, BIG-IP PEM (Hardware solutions / Security hardware appliances); BIG-IP AAM, BIG-IP DNS (Hardware solutions / Routers & switches, VoIP, GSM, etc.) |
| Vendor | F5 Networks |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU9706
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-0304
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
Description: The vulnerability allows a remote authenticated attacker to execute arbitrary SQL commands in the web application database.
The vulnerability exists in the BIG-IP AFM management UI due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the web application database.
Successful exploitation of the vulnerability may allow an attacker to gain administrative access to the vulnerable web application.
Mitigation: The vulnerability is addressed in the following versions: 12.1.3, 13.1.0, 13.0.0 HF1.
Vulnerable software versions: BIG-IP AFM: 12.0.0 - 13.0.0
External links: http://support.f5.com/csp/article/K39428424
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9707
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-0301
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description: The vulnerability allows a remote authenticated attacker to bypass security restrictions on the target system.
The weakness exists due to improper access control. A remote attacker can access various internal BIG-IP APM resources.
Mitigation: The vulnerability is addressed in the following versions: 11.5.5, 11.6.2, 12.1.3.
Vulnerable software versions: BIG-IP APM: 11.5.0 - 12.1.2
External links: http://support.f5.com/csp/article/K54358225
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU9708
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6140
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists in multiple F5 Networks products using virtual servers with client or server SSL profiles that use an AES-GCM cipher suite, due to improper processing of packets. A remote attacker can send a series of packets and cause a disruption of the data plane services on the system.
Successful exploitation of the vulnerability results in denial of service.
Mitigation: The vulnerability is addressed in the following versions: 11.5.5, 11.6.2, 13.0.0.
Vulnerable software versions: BIG-IP LTM: 11.5.0 - 12.1.2
BIG-IP AAM: 11.5.0 - 12.1.2
BIG-IP AFM: 11.5.0 - 12.1.2
BIG-IP Analytics: 11.5.0 - 12.1.2
BIG-IP APM: 11.5.0 - 12.1.2
BIG-IP ASM: 11.5.0 - 12.1.2
BIG-IP DNS: 11.5.0 - 12.1.2
BIG-IP GTM: 11.5.0 - 12.1.1
BIG-IP PEM: 11.5.0 - 12.1.2
External links: http://support.f5.com/csp/article/K55102452
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.