Multiple vulnerabilities in F5 BIG-IP
Security Bulletin
This security bulletin contains information about 11 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU9737
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6134
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The vulnerability exists in the default configuration due to insufficient validation of user-supplied input. An adjacent attacker can send specially crafted packets to cause the target Traffic Management Microkernel (TMM) to restart and traffic to disrupt.
Successful exploitation of the vulnerability results in denial of service.
MitigationThe vulnerability is addressed in the following versions: 11.5.5, 11.6.2, 12.1.3, 13.1.0.
Vulnerable software versionsBIG-IP LTM: 11.5.1 - 13.0.0
BIG-IP AAM: 11.5.1 - 13.0.0
BIG-IP AFM: 11.5.1 - 13.0.0
BIG-IP Analytics: 11.5.1 - 13.0.0
BIG-IP APM: 11.5.1 - 13.0.0
BIG-IP ASM: 11.5.1 - 13.0.0
BIG-IP DNS: 11.5.1 - 13.0.0
BIG-IP GTM: 11.5.1 - 13.0.0
BIG-IP Link Controller: 11.5.1 - 13.0.0
BIG-IP PEM: 11.5.1 - 13.0.0
BIG-IP WebSafe: 11.5.1 - 13.0.0
External linkshttp://support.f5.com/csp/article/K37404773
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper input validation
EUVDB-ID: #VU9738
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6136
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists on the systems with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile due to insufficient validation of user-supplied input. A remote attacker can send specially crafted traffic to the target virtual server, trigger an unspecified flaw and cause the Traffic Management Microkernel (TMM) to restart and traffic to disrupt.
Successful exploitation of the vulnerability results in denial of service.
MitigationThe vulnerability is addressed in the following versions: 12.1.3, 13.1.0.
Vulnerable software versionsBIG-IP LTM: 12.1.0 - 13.0.0
BIG-IP AAM: 12.1.0 - 13.0.0
BIG-IP AFM: 12.1.0 - 13.0.0
BIG-IP Analytics: 12.1.0 - 13.0.0
BIG-IP APM: 12.1.0 - 13.0.0
BIG-IP ASM: 12.1.0 - 13.0.0
BIG-IP DNS: 12.1.0 - 13.0.0
BIG-IP GTM: 12.1.0 - 13.0.0
BIG-IP Link Controller: 12.1.0 - 13.0.0
BIG-IP PEM: 12.1.0 - 13.0.0
BIG-IP WebSafe: 12.1.0 - 13.0.0
External linkshttp://support.f5.com/csp/article/K81137982
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper input validation
EUVDB-ID: #VU9739
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6133
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted HTTP request, trigger an unspecified flaw and cause the Traffic Management Microkernel (TMM) to restart and traffic to disrupt.
Successful exploitation of the vulnerability results in denial of service.
MitigationThe vulnerability is addressed in the following versions: 12.1.3, 13.1.0.
Vulnerable software versionsBIG-IP LTM: 12.1.0 - 13.0.0
BIG-IP AAM: 12.1.0 - 13.0.0
BIG-IP AFM: 12.1.0 - 13.0.0
BIG-IP Analytics: 12.1.0 - 13.0.0
BIG-IP APM: 12.1.0 - 13.0.0
BIG-IP ASM: 12.1.0 - 13.0.0
BIG-IP DNS: 12.1.0 - 13.0.0
BIG-IP GTM: 12.1.0 - 13.0.0
BIG-IP Link Controller: 12.1.0 - 13.0.0
BIG-IP PEM: 12.1.0 - 13.0.0
BIG-IP WebSafe: 12.1.0 - 13.0.0
External linkshttp://support.f5.com/csp/article/K25033460
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper input validation
EUVDB-ID: #VU9740
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6129
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists on the systems with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile due to insufficient validation of user-supplied input. A remote attacker can send specially crafted traffic to the target virtual server, trigger an unspecified flaw and cause the Traffic Management Microkernel (TMM) to restart and traffic to disrupt.
Successful exploitation of the vulnerability results in denial of service.
MitigationThe vulnerability is addressed in the following versions: 12.1.3, 13.1.0.
Vulnerable software versionsBIG-IP APM: 12.1.2 - 13.0.0
External linkshttp://support.f5.com/csp/article/K20087443
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper input validation
EUVDB-ID: #VU9741
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6132
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the default configuration due to insufficient validation of user-supplied input. A remote attacker can send specially crafted packets to the target primary or secondary High Availability state mirror listeners to cause the target Traffic Management Microkernel (TMM) to restart and traffic to disrupt.
Successful exploitation of the vulnerability results in denial of service.
MitigationThe vulnerability is addressed in the following versions: 11.5.5, 11.6.2, 12.1.3, 13.1.0.
Vulnerable software versionsBIG-IP LTM: 11.5.1 - 13.0.0
BIG-IP AAM: 11.5.1 - 13.0.0
BIG-IP AFM: 11.5.1 - 13.0.0
BIG-IP Analytics: 11.5.1 - 13.0.0
BIG-IP APM: 11.5.1 - 13.0.0
BIG-IP ASM: 11.5.1 - 13.0.0
BIG-IP DNS: 11.5.1 - 13.0.0
BIG-IP GTM: 11.5.1 - 13.0.0
BIG-IP Link Controller: 11.5.1 - 13.0.0
BIG-IP PEM: 11.5.1 - 13.0.0
BIG-IP WebSafe: 11.5.1 - 13.0.0
External linkshttp://support.f5.com/csp/article/K12044607
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource exhaustion
EUVDB-ID: #VU9742
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6135
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to resource exhaustion. A remote attacker can send specially crafted IPv4 or IPv6 packets to the management port or self IP addresses, trigger a memory leak in the kernel, consume excessive memory and cause the service to crash.
Successful exploitation of the vulnerability results in denial of service.
MitigationUpdate to version 13.1.0.
Vulnerable software versionsBIG-IP LTM: 13.0.0
BIG-IP AAM: 13.0.0
BIG-IP AFM: 13.0.0
BIG-IP Analytics: 13.0.0
BIG-IP APM: 13.0.0
BIG-IP ASM: 13.0.0
BIG-IP DNS: 13.0.0
BIG-IP GTM: 13.0.0
BIG-IP Link Controller: 13.0.0
BIG-IP PEM: 13.0.0
BIG-IP WebSafe: 13.0.0
External linkshttp://support.f5.com/csp/article/K43322910
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper input validation
EUVDB-ID: #VU9743
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6138
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists on the systems with BIG-IP APM profiles and the systems with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies due to insufficient validation of user-supplied input. A remote attacker can send specially crafted requests to a target virtual server that has an HTTP profile, trigger an unspecified flaw and cause the Traffic Management Microkernel (TMM) to restart and traffic to disrupt.
Successful exploitation of the vulnerability results in denial of service.
MitigationThe vulnerability is addressed in the following versions: 12.1.3, 13.1.0.
Vulnerable software versionsBIG-IP LTM: 12.1.0 - 13.0.0
BIG-IP AAM: 12.1.0 - 13.0.0
BIG-IP AFM: 12.1.0 - 13.0.0
BIG-IP Analytics: 12.1.0 - 13.0.0
BIG-IP APM: 12.1.0 - 13.0.0
BIG-IP ASM: 12.1.0 - 13.0.0
BIG-IP DNS: 12.1.0 - 13.0.0
BIG-IP GTM: 12.1.0 - 13.0.0
BIG-IP Link Controller: 12.1.0 - 13.0.0
BIG-IP PEM: 12.1.0 - 13.0.0
BIG-IP WebSafe: 12.1.0 - 13.0.0
External linkshttp://support.f5.com/csp/article/K34514540
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper input validation
EUVDB-ID: #VU9744
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6151
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to resource exhaustion. A remote attacker can send specially crafted requests to a target virtual server that uses the 'HTTP/2 profile' to disrupt service to the Traffic Management Microkernel (TMM).
Successful exploitation of the vulnerability results in denial of service.
MitigationUpdate to version 13.1.0.
Vulnerable software versionsBIG-IP LTM: 13.0.0
BIG-IP AAM: 13.0.0
BIG-IP AFM: 13.0.0
BIG-IP Analytics: 13.0.0
BIG-IP APM: 13.0.0
BIG-IP ASM: 13.0.0
BIG-IP DNS: 13.0.0
BIG-IP GTM: 13.0.0
BIG-IP Link Controller: 13.0.0
BIG-IP PEM: 13.0.0
BIG-IP WebSafe: 13.0.0
BIG-IP WebAccelerator: 13.0.0
External linkshttp://support.f5.com/csp/article/K07369970
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Information disclosure
EUVDB-ID: #VU9745
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6139
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The vulnerability exists on the systems running in debug mode logging with BIG-IP APM due to the system may append potentially sensitive log details in response to client requests in certain cases. A remote attacker can read arbitrary file.
MitigationThe vulnerability is addressed in the following versions: 12.1.3, 13.1.0.
Vulnerable software versionsBIG-IP APM: 12.1.2 - 13.0.0
External linkshttp://support.f5.com/csp/article/K45432295
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Race condition
EUVDB-ID: #VU9746
Risk: Low
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6167
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.
The vulnerability exists due to race condition when handling malicious input. A remote attacker can send asynchronous tasks via the iControl REST interface, trigger a race condition and execute commands with elevated privileges on the target system.
MitigationThe vulnerability is addressed in the following versions: 12.1.3, 13.1.0.
Vulnerable software versionsBIG-IP LTM: 12.1.0 - 13.0.0
BIG-IP AAM: 12.1.0 - 13.0.0
BIG-IP AFM: 12.1.0 - 13.0.0
BIG-IP Analytics: 12.1.0 - 13.0.0
BIG-IP APM: 12.1.0 - 13.0.0
BIG-IP ASM: 12.1.0 - 13.0.0
BIG-IP DNS: 12.1.0 - 13.0.0
BIG-IP GTM: 12.1.0 - 13.0.0
BIG-IP Link Controller: 12.1.0 - 13.0.0
BIG-IP PEM: 12.1.0 - 13.0.0
BIG-IP WebSafe: 12.1.0 - 13.0.0
External linkshttp://support.f5.com/csp/article/K24465120
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper input validation
EUVDB-ID: #VU9747
Risk: Low
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6164
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary commands on the target system.
The vulnerability exists in the default configuration due to insufficient validation of user-supplied input. A remote attacker can send specially crafted TLS 1.2 data, trigger a flaw in the ClientSSL profile component of the Traffic Management Microkernel (TMM) and cause it to crash or potentially execute commands on the target system.
MitigationThe vulnerability is addressed in the following versions: 11.5.5, 11.6.2, 12.1.3, 13.1.0.
Vulnerable software versionsBIG-IP LTM: 11.5.1 - 13.0.0
BIG-IP AAM: 11.5.1 - 13.0.0
BIG-IP AFM: 11.5.1 - 13.0.0
BIG-IP Analytics: 11.5.1 - 13.0.0
BIG-IP APM: 11.5.1 - 13.0.0
BIG-IP ASM: 11.5.1 - 13.0.0
BIG-IP DNS: 11.5.1 - 13.0.0
BIG-IP GTM: 11.5.1 - 13.0.0
BIG-IP Link Controller: 11.5.1 - 13.0.0
BIG-IP PEM: 11.5.1 - 13.0.0
BIG-IP WebSafe: 11.5.1 - 13.0.0
BIG-IP Edge Gateway: 11.5.1 - 13.0.0
BIG-IP WebAccelerator: 11.5.1 - 13.0.0
External linkshttp://support.f5.com/csp/article/K02714910
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
