Multiple vulnerabilities in F5 BIG-IP

Published: 2017-12-25 15:12:21
Severity Low
Patch available YES
Number of vulnerabilities 11
CVE ID CVE-2017-6134
CVE-2017-6136
CVE-2017-6133
CVE-2017-6129
CVE-2017-6132
CVE-2017-6135
CVE-2017-6138
CVE-2017-6151
CVE-2017-6139
CVE-2017-6167
CVE-2017-6164
CVSSv3 5.7 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-20
CWE-400
CWE-200
CWE-362
Exploitation vector Network
Public exploit N/A
Vulnerable software BIG-IP LTM
BIG-IP AAM
BIG-IP AFM
BIG-IP Analytics
BIG-IP APM
BIG-IP ASM
BIG-IP DNS
BIG-IP GTM
BIG-IP Link Controller
BIG-IP PEM
BIG-IP WebSafe
BIG-IP WebAccelerator
BIG-IP Edge Gateway
Vulnerable software versions BIG-IP LTM 13.0.0
BIG-IP LTM 11.5.3
BIG-IP LTM 11.5.2

Show more

BIG-IP AAM 13.0.0
BIG-IP AAM 12.1.2
BIG-IP AAM 12.1.1

Show more

BIG-IP AFM 11.6.0
BIG-IP AFM 11.6.1
BIG-IP AFM 11.5.3

Show more

BIG-IP Analytics 13.0.0
BIG-IP Analytics 12.1.2
BIG-IP Analytics 12.1.1

Show more

BIG-IP APM 11.6.0
BIG-IP APM 11.6.1
BIG-IP APM 11.5.3

Show more

BIG-IP ASM 13.0.0
BIG-IP ASM 12.1.2
BIG-IP ASM 12.1.1

Show more

BIG-IP DNS 11.5.4
BIG-IP DNS 11.5.3
BIG-IP DNS 11.5.2

Show more

BIG-IP GTM 13.0.0
BIG-IP GTM 12.1.2
BIG-IP GTM 12.1.1

Show more

BIG-IP Link Controller 11.6.0
BIG-IP Link Controller 11.6.1
BIG-IP Link Controller 11.5.3

Show more

BIG-IP PEM 13.0.0
BIG-IP PEM 12.1.2
BIG-IP PEM 12.1.1

Show more

BIG-IP WebSafe 11.6.1
BIG-IP WebSafe 11.6.0
BIG-IP WebSafe 12.1.2

Show more

BIG-IP WebAccelerator 13.0.0
BIG-IP WebAccelerator 12.1.2
BIG-IP WebAccelerator 12.1.1

Show more

BIG-IP Edge Gateway 13.0.0
BIG-IP Edge Gateway 11.6.0
BIG-IP Edge Gateway 11.6.1

Show more

Vendor URL F5 Networks, Inc.

Security Advisory

1) Improper input validation

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists in the default configuration due to insufficient validation of user-supplied input. An adjacent attacker can send specially crafted packets to cause the target Traffic Management Microkernel (TMM) to restart and traffic to disrupt.

Successful exploitation of the vulnerability results in denial of service.

Remediation

The vulnerability is addressed in the following versions: 11.5.5, 11.6.2, 12.1.3, 13.1.0.

External links

https://support.f5.com/csp/article/K37404773

2) Improper input validation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists on the systems with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile due to insufficient validation of user-supplied input. A remote attacker can send specially crafted traffic to the target virtual server, trigger an unspecified flaw and cause the Traffic Management Microkernel (TMM) to restart and traffic to disrupt.

Successful exploitation of the vulnerability results in denial of service.

Remediation

The vulnerability is addressed in the following versions: 12.1.3, 13.1.0.

External links

https://support.f5.com/csp/article/K81137982

3) Improper input validation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted HTTP request, trigger an unspecified flaw and cause the Traffic Management Microkernel (TMM) to restart and traffic to disrupt.

Successful exploitation of the vulnerability results in denial of service.

Remediation

The vulnerability is addressed in the following versions: 12.1.3, 13.1.0.

External links

https://support.f5.com/csp/article/K25033460

4) Improper input validation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists on the systems with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile due to insufficient validation of user-supplied input. A remote attacker can send specially crafted traffic to the target virtual server, trigger an unspecified flaw and cause the Traffic Management Microkernel (TMM) to restart and traffic to disrupt.

Successful exploitation of the vulnerability results in denial of service.

Remediation

The vulnerability is addressed in the following versions: 12.1.3, 13.1.0.

External links

https://support.f5.com/csp/article/K20087443

5) Improper input validation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the default configuration due to insufficient validation of user-supplied input. A remote attacker can send specially crafted packets to the target primary or secondary High Availability state mirror listeners to cause the target Traffic Management Microkernel (TMM) to restart and traffic to disrupt.

Successful exploitation of the vulnerability results in denial of service.

Remediation

The vulnerability is addressed in the following versions: 11.5.5, 11.6.2, 12.1.3, 13.1.0.

External links

https://support.f5.com/csp/article/K12044607

6) Resource exhaustion

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to resource exhaustion. A remote attacker can send specially crafted IPv4 or IPv6 packets to the management port or self IP addresses, trigger a memory leak in the kernel, consume excessive memory and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update to version 13.1.0.

External links

https://support.f5.com/csp/article/K43322910

7) Improper input validation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists on the systems with BIG-IP APM profiles and the systems with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies due to insufficient validation of user-supplied input. A remote attacker can send specially crafted requests to a target virtual server that has an HTTP profile, trigger an unspecified flaw and cause the Traffic Management Microkernel (TMM) to restart and traffic to disrupt.

Successful exploitation of the vulnerability results in denial of service.

Remediation

The vulnerability is addressed in the following versions: 12.1.3, 13.1.0.

External links

https://support.f5.com/csp/article/K34514540

8) Improper input validation

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to resource exhaustion. A remote attacker can send specially crafted requests to a target virtual server that uses the 'HTTP/2 profile' to disrupt service to the Traffic Management Microkernel (TMM).

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update to version 13.1.0.

External links

https://support.f5.com/csp/article/K07369970

9) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists on the systems running in debug mode logging with BIG-IP APM due to the system may append potentially sensitive log details in response to client requests in certain cases. A remote attacker can read arbitrary file.

Remediation

The vulnerability is addressed in the following versions: 12.1.3, 13.1.0.

External links

https://support.f5.com/csp/article/K45432295

10) Race condition

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The vulnerability exists due to race condition when handling malicious input. A remote attacker can send asynchronous tasks via the iControl REST interface, trigger a race condition and execute commands with elevated privileges on the target system.

Remediation

The vulnerability is addressed in the following versions: 12.1.3, 13.1.0.

External links

https://support.f5.com/csp/article/K24465120

11) Improper input validation

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary commands on the target system.

The vulnerability exists in the default configuration due to insufficient validation of user-supplied input. A remote attacker can send specially crafted TLS 1.2 data, trigger a flaw in the ClientSSL profile component of the Traffic Management Microkernel (TMM) and cause it to crash or potentially execute commands on the target system.

Remediation

The vulnerability is addressed in the following versions: 11.5.5, 11.6.2, 12.1.3, 13.1.0.

External links

https://support.f5.com/csp/article/K02714910

Back to List