Code injection

2017-10-2714:29:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.8%

JSON

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion.

CPENameOperatorVersion
big-ip_access_policy_managereq12.1.2
big-ip_access_policy_managereq12.0.0
big-ip_access_policy_managereq11.2.1
big-ip_access_policy_managereq12.1.1
big-ip_access_policy_managereq12.1.0
big-ip_access_policy_managereq11.6.1
big-ip_access_policy_managereq11.6.0
big-ip_access_policy_managerge11.5.0
big-ip_access_policy_managerle11.5.4
big-ip_advanced_firewall_managereq12.1.0

Name	Operator	Version
big-ip_access_policy_manager	eq	12.1.2
big-ip_access_policy_manager	eq	12.0.0
big-ip_access_policy_manager	eq	11.2.1
big-ip_access_policy_manager	eq	12.1.1
big-ip_access_policy_manager	eq	12.1.0
big-ip_access_policy_manager	eq	11.6.1
big-ip_access_policy_manager	eq	11.6.0
big-ip_access_policy_manager	ge	11.5.0
big-ip_access_policy_manager	le	11.5.4
big-ip_advanced_firewall_manager	eq	12.1.0