Lucene search
F5F5:K22317030HistoryJul 13, 2017 - 12:00 a.m.
K22317030 : iControl REST vulnerability CVE-2017-6145
2017-07-1300:00:00
my.f5.com
13
0.001 Low
EPSS
Percentile
43.2%
Security Advisory Description
iControl REST includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that conversion, allowing once-valid but now expired cookies to be converted to valid tokens. (CVE-2017-6145)
Impact
An attacker with an expired BIG-IP authentication cookie can use it to get valid iControl REST authentication tokens in order to gain access to the iControl REST interface of the BIG-IP system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.5.4 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 11.6.1 | |
| big-ip afm | eq | 12.0.0 | |
| big-ip afm | eq | 12.1.0 |
Related
nessus
nessus
F5 Networks BIG-IP : iControl REST vulnerability (K22317030)
2017-07-13 00:00:00
cve
cve
CVE-2017-6145
2017-10-20 15:29:00
prion
prion
Authorization
2017-10-20 15:29:00
nvd
nvd
CVE-2017-6145
2017-10-20 15:29:00
cvelist
cvelist
CVE-2017-6145
2017-07-12 00:00:00