Denial of service in F5 Networks products - CVE-2017-6140
Published: December 22, 2017
Vulnerability identifier: #VU9708
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6140
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: F5 Networks
Affected software:
BIG-IP LTM
BIG-IP AFM
BIG-IP Analytics
BIG-IP APM
BIG-IP ASM
BIG-IP GTM
BIG-IP PEM
BIG-IP AAM
BIG-IP DNS
BIG-IP LTM
BIG-IP AFM
BIG-IP Analytics
BIG-IP APM
BIG-IP ASM
BIG-IP GTM
BIG-IP PEM
BIG-IP AAM
BIG-IP DNS
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in multiple F5 Networks products using virtual servers with client or server SSL profiles that use AES-GCM cipher suite due to improper processing of packets. A remote attacker can send a series of packets and cause a disruption of the data plane services on the system.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists in multiple F5 Networks products using virtual servers with client or server SSL profiles that use AES-GCM cipher suite due to improper processing of packets. A remote attacker can send a series of packets and cause a disruption of the data plane services on the system.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-6140
The vulnerability is addressed in the following versions: 11.5.5, 11.6.2, 11.5.5, 13.0.0.