In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/101636 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039675 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039676 | Third Party Advisory VDB Entry |
https://support.f5.com/csp/article/K62279530 | Vendor Advisory |
http://www.securityfocus.com/bid/101636 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039675 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039676 | Third Party Advisory VDB Entry |
https://support.f5.com/csp/article/K62279530 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
Configuration 8 (hide)
|
Configuration 9 (hide)
|
Configuration 10 (hide)
|
Configuration 11 (hide)
|
History
21 Nov 2024, 03:29
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/101636 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1039675 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1039676 - Third Party Advisory, VDB Entry | |
References | () https://support.f5.com/csp/article/K62279530 - Vendor Advisory |
Information
Published : 2017-10-27 14:29
Updated : 2024-11-21 03:29
NVD link : CVE-2017-6161
Mitre link : CVE-2017-6161
CVE.ORG link : CVE-2017-6161
JSON object : View
Products Affected
f5
- big-ip_application_security_manager
- big-ip_application_acceleration_manager
- big-ip_global_traffic_manager
- big-ip_edge_gateway
- big-ip_link_controller
- big-ip_domain_name_system
- big-ip_local_traffic_manager
- big-ip_webaccelerator
- big-ip_advanced_firewall_manager
- big-ip_access_policy_manager
- big-ip_policy_enforcement_manager
CWE
CWE-400
Uncontrolled Resource Consumption