Denial of service in F5 Enterprise Manager

Published: 2017-12-22 00:00:00 | Updated: 2017-12-25 15:14:28
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVSSv2: 2.4 (AV:A/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
CVSSv3: 5.5 [CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE ID: CVE-2017-6134
CWE ID: CWE-20
Exploitation vector: Local network
Public exploit: Not available
Vulnerable software: Enterprise Manager
Vulnerable software versions: Enterprise Manager 3.1.0, Enterprise Manager 3.0.1, Enterprise Manager 3.0.0
Vendor URL: F5 Networks, Inc.
Advisory type: Public

Security Advisory

1) Improper input validation

Description

The vulnerability allows an adjacent attacker to cause a denial-of-service (DoS) condition on the target system.

The vulnerability exists in the default configuration due to insufficient validation of user-supplied input. An adjacent attacker can send specially crafted packets that cause the target Traffic Management Microkernel (TMM) to restart, disrupting traffic.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Update to version 3.1.1.

External links

https://support.f5.com/csp/article/K37404773