CVE-2017-6161

EPSS 1.0%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

27 Oct 2017Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion.

Affected products

F5 Networks, Inc. · BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.f5.com/csp/article/K62279530 http://www.securityfocus.com/bid/101636 http://www.securitytracker.com/id/1039675 http://www.securitytracker.com/id/1039676