CVE-2017-6161

Sažetak

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion.

Reference

http://www.securityfocus.com/bid/101636
http://www.securitytracker.com/id/1039675
http://www.securitytracker.com/id/1039676
https://support.f5.com/csp/article/K62279530

CVSS

Base:	2.9
Impact:	2.9
Exploitability:	5.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:A/AC:M/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

16-11-2017 - 19:31

Objavljeno

27-10-2017 - 14:29