Vulnerability Details : CVE-2017-6143
X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11.5.5.
Exploit prediction scoring system (EPSS) score for CVE-2017-6143
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 35 %
CVSS scores for CVE-2017-6143
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N | 8.6 | 4.9 | NIST |
5.4 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N | 2.2 | 2.7 | NIST |
CWE ids for CVE-2017-6143
- The product does not validate, or incorrectly validates, a certificate. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-6143
- https://support.f5.com/csp/article/K11464209 (Vendor Advisory)
Products affected by CVE-2017-6143
- F5 » Big-ip Application Security Manager: Versions from including (>=) 11.6.1 and up to, including, (<=) 11.6.2; cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Security Manager: Versions after (>) 12.1.0 and up to, including, (<=) 12.1.2; cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Application Security Manager: Versions from including (>=) 11.5.1 and up to, including, (<=) 11.5.5; cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Advanced Firewall Manager: Versions from including (>=) 11.6.1 and up to, including, (<=) 11.6.2; cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Advanced Firewall Manager: Versions from including (>=) 11.5.1 and up to, including, (<=) 11.5.5; cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
- F5 » Big-ip Advanced Firewall Manager: Versions from including (>=) 12.1.0 and up to, including, (<=) 12.1.2; cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*