#VU9370 Information disclosure in F5 Networks products - CVE-2017-6168

 


Published: November 17, 2017 / Updated: September 14, 2018


Vulnerability identifier: #VU9370
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2017-6168
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vulnerable software:
BIG-IP LTM
BIG-IP Analytics
BIG-IP APM
BIG-IP ASM
BIG-IP GTM
BIG-IP PEM
BIG-IP AAM
BIG-IP DNS
BIG-IP Link Controller
BIG-IP WebSafe
Software vendor:
F5 Networks

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The weakness exists due to insufficient security restrictions. A remote attacker can gain access to trusted internal networks, send specially crafted input, conduct an adaptive chosen-ciphertext attack against RSA and view encrypted information in plaintext format.

Remediation

Install the update from the vendor's website.

External links