Lucene search

[email protected]CVE-2017-6159

HistoryOct 27, 2017 - 2:29 p.m.

CVE-2017-6159

2017-10-2714:29:00

[email protected]

web.nvd.nist.gov

big-ip

mptcp

denial of service

vulnerability

cve-2017-6159

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 are vulnerable to a denial of service attack when the MPTCP option is enabled on a virtual server. Data plane is vulnerable when using the MPTCP option of a TCP profile. There is no control plane exposure. An attacker may be able to disrupt services by causing TMM to restart hence temporarily failing to process traffic.

Affected configurations

NVD

Node

f5big-ip_local_traffic_managerMatch11.6.0

f5big-ip_local_traffic_managerMatch11.6.1

f5big-ip_local_traffic_managerMatch12.0.0

f5big-ip_local_traffic_managerMatch12.1.0

f5big-ip_local_traffic_managerMatch12.1.1

f5big-ip_local_traffic_managerMatch12.1.2

Node

f5big-ip_application_acceleration_managerMatch11.6.0

f5big-ip_application_acceleration_managerMatch11.6.1

f5big-ip_application_acceleration_managerMatch12.0.0

f5big-ip_application_acceleration_managerMatch12.1.0

f5big-ip_application_acceleration_managerMatch12.1.1

f5big-ip_application_acceleration_managerMatch12.1.2

Node

f5big-ip_advanced_firewall_managerMatch11.6.0

f5big-ip_advanced_firewall_managerMatch11.6.1

f5big-ip_advanced_firewall_managerMatch12.0.0

f5big-ip_advanced_firewall_managerMatch12.1.0

f5big-ip_advanced_firewall_managerMatch12.1.1

f5big-ip_advanced_firewall_managerMatch12.1.2

Node

f5big-ip_access_policy_managerMatch11.6.0

f5big-ip_access_policy_managerMatch11.6.1

f5big-ip_access_policy_managerMatch12.0.0

f5big-ip_access_policy_managerMatch12.1.0

f5big-ip_access_policy_managerMatch12.1.1

f5big-ip_access_policy_managerMatch12.1.2

Node

f5big-ip_application_security_managerMatch11.6.0

f5big-ip_application_security_managerMatch11.6.1

f5big-ip_application_security_managerMatch12.0.0

f5big-ip_application_security_managerMatch12.1.0

f5big-ip_application_security_managerMatch12.1.1

f5big-ip_application_security_managerMatch12.1.2

Node

f5big-ip_link_controllerMatch11.6.0

f5big-ip_link_controllerMatch11.6.1

f5big-ip_link_controllerMatch12.0.0

f5big-ip_link_controllerMatch12.1.0

f5big-ip_link_controllerMatch12.1.1

f5big-ip_link_controllerMatch12.1.2

Node

f5big-ip_policy_enforcement_managerMatch11.6.0

f5big-ip_policy_enforcement_managerMatch11.6.1

f5big-ip_policy_enforcement_managerMatch12.0.0

f5big-ip_policy_enforcement_managerMatch12.1.0

f5big-ip_policy_enforcement_managerMatch12.1.1

f5big-ip_policy_enforcement_managerMatch12.1.2

Node

f5big-ip_websafeMatch1.0.0

CPENameOperatorVersion
f5:big-ip_local_traffic_managerf5 big-ip local traffic managereq11.6.0
f5:big-ip_local_traffic_managerf5 big-ip local traffic managereq11.6.1
f5:big-ip_local_traffic_managerf5 big-ip local traffic managereq12.0.0
f5:big-ip_local_traffic_managerf5 big-ip local traffic managereq12.1.0
f5:big-ip_local_traffic_managerf5 big-ip local traffic managereq12.1.1
f5:big-ip_local_traffic_managerf5 big-ip local traffic managereq12.1.2

CPE	Name	Operator	Version
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	eq	11.6.0
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	eq	11.6.1
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	eq	12.0.0
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	eq	12.1.0
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	eq	12.1.1
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	eq	12.1.2

CNA Affected

[
  {
    "product": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe",
    "vendor": "F5 Networks, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "12.0.0 - 12.1.2"
      },
      {
        "status": "affected",
        "version": "11.6.0 &#xe2"
      },
      {
        "status": "affected",
        "version": "&#x80"
      },
      {
        "status": "affected",
        "version": "\" 11.6.1"
      }
    ]
  }
]

References

www.securityfocus.com/bid/101633

www.securitytracker.com/id/1039669

support.f5.com/csp/article/K10002335

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

Related for CVE-2017-6159

f51 nvd1 nessus1 cvelist1 prion1