Improper input validation in BIG-IP ASM - CVE-2017-6154
Published: March 30, 2018
Vulnerability identifier: #VU11391
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6154
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: F5 Networks
Affected software:
BIG-IP ASM
Detailed vulnerability description
The vulnerability allows a remote unauthenticated attacker to cause a DoS condition on the target system.
The weakness exists in the bd process due to improper processing of crafted data on BIG-IP ASM systems with 48 or more CPU cores. A remote attacker can send specially crafted data that triggers the bd process to produce a core file, which could interrupt the processing of other traffic and cause the service to crash.
How to mitigate CVE-2017-6154
Update to versions 13.1.0, 12.1.3.2 or 11.6.3.