Lucene search

MitreCVE-2015-7759

HistoryJan 12, 2016 - 8:59 p.m.

CVE-2015-7759

2016-01-1220:59:01

CWE-20

mitre

web.nvd.nist.gov

cve-2015-7759

big-ip ltm

aam

afm

analytics

apm

asm

link controller

pem

tcp profile

congestion metrics cache

denial of service

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

4.4

Confidence

High

EPSS

0.002

Percentile

56.9%

JSON

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP profile for a virtual server is configured with Congestion Metrics Cache enabled, allow remote attackers to cause a denial of service (Traffic Management Microkernel (TMM) restart) via crafted ICMP packets, related to Path MTU (PMTU) discovery.

Affected configurations

Nvd

Node

f5big-ip_analyticsMatch12.0.0

Node

f5big-ip_application_acceleration_managerMatch12.0.0

Node

f5big-ip_link_controllerMatch12.0.0

Node

f5big-ip_advanced_firewall_managerMatch12.0.0

Node

f5big-ip_policy_enforcement_managerMatch12.0.0

Node

f5big-ip_local_traffic_managerMatch12.0.0

Node

f5big-ip_access_policy_managerMatch12.0.0

Node

f5big-ip_application_security_managerMatch12.0.0

VendorProductVersionCPE
f5big-ip_analytics12.0.0cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*
f5big-ip_application_acceleration_manager12.0.0cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*
f5big-ip_link_controller12.0.0cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager12.0.0cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*
f5big-ip_policy_enforcement_manager12.0.0cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*
f5big-ip_local_traffic_manager12.0.0cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*
f5big-ip_access_policy_manager12.0.0cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*
f5big-ip_application_security_manager12.0.0cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_analytics	12.0.0	cpe:2.3:a:f5:big-ip_analytics:12.0.0:::::::*
f5	big-ip_application_acceleration_manager	12.0.0	cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:::::::*
f5	big-ip_link_controller	12.0.0	cpe:2.3:a:f5:big-ip_link_controller:12.0.0:::::::*
f5	big-ip_advanced_firewall_manager	12.0.0	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:::::::*
f5	big-ip_policy_enforcement_manager	12.0.0	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:::::::*
f5	big-ip_local_traffic_manager	12.0.0	cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:::::::*
f5	big-ip_access_policy_manager	12.0.0	cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:::::::*
f5	big-ip_application_security_manager	12.0.0	cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:::::::*

References

www.securitytracker.com/id/1034627

support.f5.com/kb/en-us/solutions/public/k/22/sol22843911.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

4.4

Confidence

High

EPSS

0.002

Percentile

56.9%

JSON

Related for CVE-2015-7759