Main
Vulnerability Database
Exploits
ID:63 - Exploit for Information disclosure in F5 Networks products - CVE-2017-6168
ID:63 - Exploit for Information disclosure in F5 Networks products - CVE-2017-6168
Published: March 18, 2020
Vulnerability identifier: #VU9370
Vulnerability risk: Low
CVE-ID: CVE-2017-6168
CWE-ID: CWE-200
Exploitation vector: Remote access
Vulnerable software:
BIG-IP LTM
BIG-IP AAM
BIG-IP Analytics
BIG-IP APM
BIG-IP ASM
BIG-IP DNS
BIG-IP GTM
BIG-IP Link Controller
BIG-IP PEM
BIG-IP WebSafe
BIG-IP LTM
BIG-IP AAM
BIG-IP Analytics
BIG-IP APM
BIG-IP ASM
BIG-IP DNS
BIG-IP GTM
BIG-IP Link Controller
BIG-IP PEM
BIG-IP WebSafe
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to gain potentially sensitive information.
The weakness exists due to insufficient security restrictions. A remote attacker can gain access to access trusted internal networks, send specially crafted input, conduct an Adaptive Chosen Ciphertext attack against RSA and view encrypted information in plaintext format.
The weakness exists due to insufficient security restrictions. A remote attacker can gain access to access trusted internal networks, send specially crafted input, conduct an Adaptive Chosen Ciphertext attack against RSA and view encrypted information in plaintext format.
Remediation
Install update from vendor's website.