Denial of service in F5 Networks products - CVE-2017-6163
Published: October 30, 2017
Vulnerability identifier: #VU8985
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6163
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: F5 Networks
Affected software:
BIG-IP PSM
BIG-IP PEM
BIG-IP ASM
BIG-IP APM
BIG-IP AFM
BIG-IP LTM
BIG-IP Link Controller
BIG-IP AAM
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition on the target system.
The weakness exists when a virtual server uses the standard configuration of an HTTP/2 or SPDY profile with a Client SSL profile. A remote attacker can open a large number of connections, exceeding the advertised limit, to disrupt the Traffic Management Microkernel (TMM) data plane service.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-6163
Install the update from the vendor's website.