Lucene search

K
f5F5F5:K21462542
HistoryOct 13, 2017 - 12:00 a.m.

K21462542 : OpenSSL vulnerability CVE-2017-3735

2017-10-1300:00:00
my.f5.com
24

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.028 Low

EPSS

Percentile

89.6%

Security Advisory Description

While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then. (CVE-2017-3735)

Impact

A malformed display of x509 objects to authorized users if the malformed certificate is installed. This information will not affect the operation of the system. You must be an administrator on the system to install certificates or view certificate details.

The BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow products include the vulnerable OpenSSL library. However, in the default, standard, and recommended configurations, the system does not display certificate properties to users who are not authenticated.

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.2 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.028 Low

EPSS

Percentile

89.6%

Related for F5:K21462542