Lucene search

[email protected]NVD:CVE-2017-6145

HistoryOct 20, 2017 - 3:29 p.m.

CVE-2017-6145

2017-10-2015:29:00

CWE-613

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

43.2%

JSON

iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe 12.0.0 through 12.1.2 and 13.0.0 includes a service to convert authorization BIGIPAuthCookie cookies to X-F5-Auth-Token tokens. This service does not properly re-validate cookies when making that conversion, allowing once-valid but now expired cookies to be converted to valid tokens.

Affected configurations

NVD

Node

f5big-ip_access_policy_managerMatch12.1.0

f5big-ip_access_policy_managerMatch12.1.1

f5big-ip_access_policy_managerMatch12.1.2

f5big-ip_access_policy_managerMatch13.0.0

f5big-ip_advanced_firewall_managerMatch12.1.0

f5big-ip_advanced_firewall_managerMatch12.1.1

f5big-ip_advanced_firewall_managerMatch12.1.2

f5big-ip_advanced_firewall_managerMatch13.0.0

f5big-ip_analyticsMatch12.1.0

f5big-ip_analyticsMatch12.1.1

f5big-ip_analyticsMatch12.1.2

f5big-ip_analyticsMatch13.0.0

f5big-ip_application_acceleration_managerMatch12.1.0

f5big-ip_application_acceleration_managerMatch12.1.1

f5big-ip_application_acceleration_managerMatch12.1.2

f5big-ip_application_acceleration_managerMatch13.0.0

f5big-ip_application_security_managerMatch12.1.0

f5big-ip_application_security_managerMatch12.1.1

f5big-ip_application_security_managerMatch12.1.2

f5big-ip_application_security_managerMatch13.0.0

f5big-ip_domain_name_systemMatch12.1.0

f5big-ip_domain_name_systemMatch12.1.1

f5big-ip_domain_name_systemMatch12.1.2

f5big-ip_domain_name_systemMatch13.0.0

f5big-ip_link_controllerMatch12.1.0

f5big-ip_link_controllerMatch12.1.1

f5big-ip_link_controllerMatch12.1.2

f5big-ip_link_controllerMatch13.0.0

f5big-ip_local_traffic_managerMatch12.1.0

f5big-ip_local_traffic_managerMatch12.1.1

f5big-ip_local_traffic_managerMatch12.1.2

f5big-ip_local_traffic_managerMatch13.0.0

f5big-ip_policy_enforcement_managerMatch12.1.0

f5big-ip_policy_enforcement_managerMatch12.1.1

f5big-ip_policy_enforcement_managerMatch12.1.2

f5big-ip_policy_enforcement_managerMatch13.0.0

f5big-ip_websafeMatch12.1.0

f5big-ip_websafeMatch12.1.1

f5big-ip_websafeMatch12.1.2

f5big-ip_websafeMatch13.0.0

References

support.f5.com/csp/article/K22317030

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

0.001 Low

EPSS

Percentile

43.2%

JSON

Related for NVD:CVE-2017-6145

f51 nessus1 cve1 prion1 cvelist1