#VU8985 Denial of service in F5 Networks products - CVE-2017-6163
Published: October 30, 2017
Vulnerability identifier: #VU8985
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-6163
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
BIG-IP PSM
BIG-IP PEM
BIG-IP ASM
BIG-IP APM
BIG-IP AFM
BIG-IP LTM
BIG-IP Link Controller
BIG-IP AAM
Software vendor:
F5 Networks
Description
The vulnerability allows a remote attacker to cause a denial-of-service (DoS) condition on the target system.
The weakness exists when a virtual server uses the standard configuration of an HTTP/2 or SPDY profile together with a Client SSL profile. A remote attacker can send a large number of connections, greater than the advertised limit, to disrupt the Traffic Management Microkernel (TMM) data plane service.
Successful exploitation of the vulnerability results in denial of service.
Remediation
Install the update from the vendor's website.