F5:K23001529
Apr 05, 2017 - 12:00 a.m.

K23001529 : SSL Intercept iApp and SSL Orchestrator Server-Side Request Forgery vulnerability CVE-2017-6130

my.f5.com

EPSS: 0.001 (Low), percentile 36.8%

Security Advisory Description

F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 are vulnerable to a Server-Side Request Forgery (SSRF) attack when deployed using the Dynamic Domain Bypass (DDB) feature plus the SNAT Auto Map option for egress traffic. (CVE-2017-6130)

Impact

A remote attacker may be able to perform Server-Side Request Forgery (SSRF) attacks against systems.

The CVSS 3.0 metrics for CVE-2017-6130

Following are the CVSS 3.0 metrics for this vulnerability:

  • CVSS V3 score: 7.3 (base) / 6.7 (temporal) / 6.7 (environmental)
  • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C

Note: Due to details unique to CVE-2017-6130, we have included CVSS 3.0 metrics in this article. We have not included CVSS 3.0 metrics in Security Advisory articles published on AskF5 for other vulnerabilities.
