Vulnerability Details : CVE-2017-0305
F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.
Products affected by CVE-2017-0305
- cpe:2.3:a:f5:ssl_intercept_iapp:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:f5:ssl_intercept_iapp:1.5.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-0305
0.32%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 67 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-0305
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2017-0305
-
https://support.f5.com/csp/article/K53244431
Vendor Advisory
Jump to