Information disclosure in F5 Networks products - CVE-2017-6168
Published: November 17, 2017 / Updated: September 14, 2018
Vulnerability identifier: #VU9370
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2017-6168
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: F5 Networks
Affected software:
BIG-IP LTM
BIG-IP Analytics
BIG-IP APM
BIG-IP ASM
BIG-IP GTM
BIG-IP PEM
BIG-IP AAM
BIG-IP DNS
BIG-IP Link Controller
BIG-IP WebSafe
Detailed vulnerability description
The vulnerability allows a remote attacker to gain potentially sensitive information.
The weakness exists due to insufficient security restrictions. A remote attacker can gain access to trusted internal networks, send specially crafted input, conduct an adaptive chosen-ciphertext attack against RSA and view encrypted information in plaintext format.
How to mitigate CVE-2017-6168
Install the update from the vendor's website.