Lucene search

[email protected]CVE-2017-6145

HistoryOct 20, 2017 - 3:29 p.m.

CVE-2017-6145

2017-10-2015:29:00

CWE-613

[email protected]

web.nvd.nist.gov

cve

2017

6145

icontrol

rest

big-ip

ltm

aam

afm

analytics

apm

asm

dns

security

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

43.2%

JSON

iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that conversion, allowing once-valid but now expired cookies to be converted to valid tokens.

Affected configurations

NVD

Node

f5big-ip_access_policy_managerMatch12.1.0

f5big-ip_access_policy_managerMatch12.1.1

f5big-ip_access_policy_managerMatch12.1.2

f5big-ip_access_policy_managerMatch13.0.0

f5big-ip_advanced_firewall_managerMatch12.1.0

f5big-ip_advanced_firewall_managerMatch12.1.1

f5big-ip_advanced_firewall_managerMatch12.1.2

f5big-ip_advanced_firewall_managerMatch13.0.0

f5big-ip_analyticsMatch12.1.0

f5big-ip_analyticsMatch12.1.1

f5big-ip_analyticsMatch12.1.2

f5big-ip_analyticsMatch13.0.0

f5big-ip_application_acceleration_managerMatch12.1.0

f5big-ip_application_acceleration_managerMatch12.1.1

f5big-ip_application_acceleration_managerMatch12.1.2

f5big-ip_application_acceleration_managerMatch13.0.0

f5big-ip_application_security_managerMatch12.1.0

f5big-ip_application_security_managerMatch12.1.1

f5big-ip_application_security_managerMatch12.1.2

f5big-ip_application_security_managerMatch13.0.0

f5big-ip_domain_name_systemMatch12.1.0

f5big-ip_domain_name_systemMatch12.1.1

f5big-ip_domain_name_systemMatch12.1.2

f5big-ip_domain_name_systemMatch13.0.0

f5big-ip_link_controllerMatch12.1.0

f5big-ip_link_controllerMatch12.1.1

f5big-ip_link_controllerMatch12.1.2

f5big-ip_link_controllerMatch13.0.0

f5big-ip_local_traffic_managerMatch12.1.0

f5big-ip_local_traffic_managerMatch12.1.1

f5big-ip_local_traffic_managerMatch12.1.2

f5big-ip_local_traffic_managerMatch13.0.0

f5big-ip_policy_enforcement_managerMatch12.1.0

f5big-ip_policy_enforcement_managerMatch12.1.1

f5big-ip_policy_enforcement_managerMatch12.1.2

f5big-ip_policy_enforcement_managerMatch13.0.0

f5big-ip_websafeMatch12.1.0

f5big-ip_websafeMatch12.1.1

f5big-ip_websafeMatch12.1.2

f5big-ip_websafeMatch13.0.0

CPENameOperatorVersion
f5:big-ip_access_policy_managerf5 big-ip access policy managereq12.1.0
f5:big-ip_access_policy_managerf5 big-ip access policy managereq12.1.1
f5:big-ip_access_policy_managerf5 big-ip access policy managereq12.1.2
f5:big-ip_access_policy_managerf5 big-ip access policy managereq13.0.0
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managereq12.1.0
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managereq12.1.1
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managereq12.1.2
f5:big-ip_advanced_firewall_managerf5 big-ip advanced firewall managereq13.0.0
f5:big-ip_analyticsf5 big-ip analyticseq12.1.0
f5:big-ip_analyticsf5 big-ip analyticseq12.1.1

CPE	Name	Operator	Version
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	12.1.0
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	12.1.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	12.1.2
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	eq	13.0.0
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	eq	12.1.0
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	eq	12.1.1
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	eq	12.1.2
f5:big-ip_advanced_firewall_manager	f5 big-ip advanced firewall manager	eq	13.0.0
f5:big-ip_analytics	f5 big-ip analytics	eq	12.1.0
f5:big-ip_analytics	f5 big-ip analytics	eq	12.1.1

Rows per page:

1-10 of 401

CNA Affected

[
  {
    "product": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
    "vendor": "F5 Networks, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "12.0.0 through 12.1.2"
      },
      {
        "status": "affected",
        "version": "13.0.0"
      }
    ]
  }
]

References

support.f5.com/csp/article/K22317030

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

43.2%

JSON

Related for CVE-2017-6145

f51 nessus1 prion1 nvd1 cvelist1