Vulnerability Details : CVE-2017-6162
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, Websafe software version 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, 11.4.0 to 11.5.4, 11.2.1, in some cases TMM may crash when processing TCP traffic. This vulnerability affects TMM via a virtual server configured with TCP profile. Traffic processing is disrupted while Traffic Management Microkernel (TMM) restarts. If the affected BIG-IP system is configured to be part of a device group, it will trigger a failover to the peer device.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2017-6162
Probability of exploitation activity in the next 30 days: 0.28%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-6162
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
5.9
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2017-6162
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6162
-
http://www.securityfocus.com/bid/101635
Multiple F5 BIG-IP Products CVE-2017-6162 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1039673
F5 BIG-IP TCP Packet Processing Flaw Lets Remote Users Cause the Target Traffic Management Microkernel (TMM) to Restart - SecurityTrackerThird Party Advisory;VDB Entry
-
https://support.f5.com/csp/article/K13421245
Vendor Advisory
Products affected by CVE-2017-6162
- F5 » Big-ip Local Traffic ManagerVersions from including (>=) 11.5.0 and up to, including, (<=) 11.5.4cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Application Security ManagerVersions from including (>=) 11.5.0 and up to, including, (<=) 11.5.4cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Access Policy ManagerVersions from including (>=) 11.5.0 and up to, including, (<=) 11.5.4cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Application Acceleration ManagerVersions from including (>=) 11.5.0 and up to, including, (<=) 11.5.4cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.2.1:*:*:*:*:*:*:*
- F5 » Big-ip Advanced Firewall ManagerVersions from including (>=) 11.5.0 and up to, including, (<=) 11.5.4cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*
- F5 » Big-ip Policy Enforcement ManagerVersions from including (>=) 11.5.0 and up to, including, (<=) 11.5.4cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_websafe:1.0.0:*:*:*:*:*:*:*