Denial of service in F5 Networks products - CVE-2017-6147

Vulnerability identifier: #VU8492

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2017-6147

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: F5 Networks

Affected software:
BIG-IP Analytics
BIG-IP PEM
BIG-IP ASM
BIG-IP APM
BIG-IP AFM
BIG-IP LTM
BIG-IP WebSafe
BIG-IP Link Controller
BIG-IP DNS
BIG-IP AAM

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the SSL Forward Proxy feature of multiple F5 Networks BIG-IP products due to improper processing of undisclosed requests. A remote attacker can send series of undisclosed requests, trigger the "SSL Forward Proxy" setup to connect to untrusted servers and cause the Traffic Management Microkernel (TMM) component to restart.

Successful exploitation of the vulnerability results in denial of service.

Note: This vulnerability affects only devices running a BIG-IP virtual server that has the SSL Forward Proxy option enabled in the assigned client and server SSL profiles.

The vulnerability is addressed in the following versions:
12.0.0 - 12.1.2 for BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebSafe.
11.4.0 - 11.6.1 for BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM.
11.2.1 for BIG-IP LTM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller.

• https://support.f5.com/csp/article/K43945001