Multiple vulnerabilities in F5 BIG-IP



Risk Low
Patch available YES
Number of vulnerabilities 11
CVE-ID CVE-2017-6134
CVE-2017-6136
CVE-2017-6133
CVE-2017-6129
CVE-2017-6132
CVE-2017-6135
CVE-2017-6138
CVE-2017-6151
CVE-2017-6139
CVE-2017-6167
CVE-2017-6164
CWE-ID CWE-20
CWE-400
CWE-200
CWE-362
Exploitation vector Network
Public exploit N/A
Vulnerable software
 BIG-IP LTM
Hardware solutions / Security hardware applicances

BIG-IP AFM
Hardware solutions / Security hardware applicances

BIG-IP Analytics
Hardware solutions / Security hardware applicances

BIG-IP APM
Hardware solutions / Security hardware applicances

BIG-IP ASM
Hardware solutions / Security hardware applicances

BIG-IP GTM
Hardware solutions / Security hardware applicances

BIG-IP PEM
Hardware solutions / Security hardware applicances

BIG-IP AAM
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP DNS
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP Link Controller
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP WebAccelerator
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP Edge Gateway
Hardware solutions / Routers & switches, VoIP, GSM, etc

BIG-IP WebSafe
Server applications / Server solutions for antivurus protection

Vendor F5 Networks

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU9737

Risk: Low

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6134

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists in the default configuration due to insufficient validation of user-supplied input. An adjacent attacker can send specially crafted packets to cause the target Traffic Management Microkernel (TMM) to restart and traffic to disrupt.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

The vulnerability is addressed in the following versions: 11.5.5, 11.6.2, 12.1.3, 13.1.0.

Vulnerable software versions

BIG-IP LTM: 11.5.1 - 13.0.0

BIG-IP AAM: 11.5.1 - 13.0.0

BIG-IP AFM: 11.5.1 - 13.0.0

BIG-IP Analytics: 11.5.1 - 13.0.0

BIG-IP APM: 11.5.1 - 13.0.0

BIG-IP ASM: 11.5.1 - 13.0.0

BIG-IP DNS: 11.5.1 - 13.0.0

BIG-IP GTM: 11.5.1 - 13.0.0

BIG-IP Link Controller: 11.5.1 - 13.0.0

BIG-IP PEM: 11.5.1 - 13.0.0

BIG-IP WebSafe: 11.5.1 - 13.0.0

CPE2.3 External links

https://support.f5.com/csp/article/K37404773


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU9738

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6136

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists on the systems with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile due to insufficient validation of user-supplied input. A remote attacker can send specially crafted traffic to the target virtual server, trigger an unspecified flaw and cause the Traffic Management Microkernel (TMM) to restart and traffic to disrupt.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

The vulnerability is addressed in the following versions: 12.1.3, 13.1.0.

Vulnerable software versions

BIG-IP LTM: 12.1.0 - 13.0.0

BIG-IP AAM: 12.1.0 - 13.0.0

BIG-IP AFM: 12.1.0 - 13.0.0

BIG-IP Analytics: 12.1.0 - 13.0.0

BIG-IP APM: 12.1.0 - 13.0.0

BIG-IP ASM: 12.1.0 - 13.0.0

BIG-IP DNS: 12.1.0 - 13.0.0

BIG-IP GTM: 12.1.0 - 13.0.0

BIG-IP Link Controller: 12.1.0 - 13.0.0

BIG-IP PEM: 12.1.0 - 13.0.0

BIG-IP WebSafe: 12.1.0 - 13.0.0

CPE2.3 External links

https://support.f5.com/csp/article/K81137982


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU9739

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6133

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send specially crafted HTTP request, trigger an unspecified flaw and cause the Traffic Management Microkernel (TMM) to restart and traffic to disrupt.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

The vulnerability is addressed in the following versions: 12.1.3, 13.1.0.

Vulnerable software versions

BIG-IP LTM: 12.1.0 - 13.0.0

BIG-IP AAM: 12.1.0 - 13.0.0

BIG-IP AFM: 12.1.0 - 13.0.0

BIG-IP Analytics: 12.1.0 - 13.0.0

BIG-IP APM: 12.1.0 - 13.0.0

BIG-IP ASM: 12.1.0 - 13.0.0

BIG-IP DNS: 12.1.0 - 13.0.0

BIG-IP GTM: 12.1.0 - 13.0.0

BIG-IP Link Controller: 12.1.0 - 13.0.0

BIG-IP PEM: 12.1.0 - 13.0.0

BIG-IP WebSafe: 12.1.0 - 13.0.0

CPE2.3 External links

https://support.f5.com/csp/article/K25033460


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU9740

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6129

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists on the systems with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile due to insufficient validation of user-supplied input. A remote attacker can send specially crafted traffic to the target virtual server, trigger an unspecified flaw and cause the Traffic Management Microkernel (TMM) to restart and traffic to disrupt.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

The vulnerability is addressed in the following versions: 12.1.3, 13.1.0.

Vulnerable software versions

BIG-IP APM: 12.1.2 - 13.0.0

CPE2.3 External links

https://support.f5.com/csp/article/K20087443


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU9741

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6132

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the default configuration due to insufficient validation of user-supplied input. A remote attacker can send specially crafted packets to the target primary or secondary High Availability state mirror listeners to cause the target Traffic Management Microkernel (TMM) to restart and traffic to disrupt.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

The vulnerability is addressed in the following versions: 11.5.5, 11.6.2, 12.1.3, 13.1.0.

Vulnerable software versions

BIG-IP LTM: 11.5.1 - 13.0.0

BIG-IP AAM: 11.5.1 - 13.0.0

BIG-IP AFM: 11.5.1 - 13.0.0

BIG-IP Analytics: 11.5.1 - 13.0.0

BIG-IP APM: 11.5.1 - 13.0.0

BIG-IP ASM: 11.5.1 - 13.0.0

BIG-IP DNS: 11.5.1 - 13.0.0

BIG-IP GTM: 11.5.1 - 13.0.0

BIG-IP Link Controller: 11.5.1 - 13.0.0

BIG-IP PEM: 11.5.1 - 13.0.0

BIG-IP WebSafe: 11.5.1 - 13.0.0

CPE2.3 External links

https://support.f5.com/csp/article/K12044607


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Resource exhaustion

EUVDB-ID: #VU9742

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6135

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to resource exhaustion. A remote attacker can send specially crafted IPv4 or IPv6 packets to the management port or self IP addresses, trigger a memory leak in the kernel, consume excessive memory and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 13.1.0.

Vulnerable software versions

BIG-IP LTM: 13.0.0

BIG-IP AAM: 13.0.0

BIG-IP AFM: 13.0.0

BIG-IP Analytics: 13.0.0

BIG-IP APM: 13.0.0

BIG-IP ASM: 13.0.0

BIG-IP DNS: 13.0.0

BIG-IP GTM: 13.0.0

BIG-IP Link Controller: 13.0.0

BIG-IP PEM: 13.0.0

BIG-IP WebSafe: 13.0.0

CPE2.3 External links

https://support.f5.com/csp/article/K43322910


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU9743

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6138

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists on the systems with BIG-IP APM profiles and the systems with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies due to insufficient validation of user-supplied input. A remote attacker can send specially crafted requests to a target virtual server that has an HTTP profile, trigger an unspecified flaw and cause the Traffic Management Microkernel (TMM) to restart and traffic to disrupt.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

The vulnerability is addressed in the following versions: 12.1.3, 13.1.0.

Vulnerable software versions

BIG-IP LTM: 12.1.0 - 13.0.0

BIG-IP AAM: 12.1.0 - 13.0.0

BIG-IP AFM: 12.1.0 - 13.0.0

BIG-IP Analytics: 12.1.0 - 13.0.0

BIG-IP APM: 12.1.0 - 13.0.0

BIG-IP ASM: 12.1.0 - 13.0.0

BIG-IP DNS: 12.1.0 - 13.0.0

BIG-IP GTM: 12.1.0 - 13.0.0

BIG-IP Link Controller: 12.1.0 - 13.0.0

BIG-IP PEM: 12.1.0 - 13.0.0

BIG-IP WebSafe: 12.1.0 - 13.0.0

CPE2.3 External links

https://support.f5.com/csp/article/K34514540


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU9744

Risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6151

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to resource exhaustion. A remote attacker can send specially crafted requests to a target virtual server that uses the 'HTTP/2 profile' to disrupt service to the Traffic Management Microkernel (TMM).

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update to version 13.1.0.

Vulnerable software versions

BIG-IP LTM: 13.0.0

BIG-IP AAM: 13.0.0

BIG-IP AFM: 13.0.0

BIG-IP Analytics: 13.0.0

BIG-IP APM: 13.0.0

BIG-IP ASM: 13.0.0

BIG-IP DNS: 13.0.0

BIG-IP GTM: 13.0.0

BIG-IP Link Controller: 13.0.0

BIG-IP PEM: 13.0.0

BIG-IP WebSafe: 13.0.0

BIG-IP WebAccelerator: 13.0.0

CPE2.3 External links

https://support.f5.com/csp/article/K07369970


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Information disclosure

EUVDB-ID: #VU9745

Risk: Low

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6139

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The vulnerability exists on the systems running in debug mode logging with BIG-IP APM due to the system may append potentially sensitive log details in response to client requests in certain cases. A remote attacker can read arbitrary file.

Mitigation

The vulnerability is addressed in the following versions: 12.1.3, 13.1.0.

Vulnerable software versions

BIG-IP APM: 12.1.2 - 13.0.0

CPE2.3 External links

https://support.f5.com/csp/article/K45432295


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Race condition

EUVDB-ID: #VU9746

Risk: Low

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6167

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The vulnerability exists due to race condition when handling malicious input. A remote attacker can send asynchronous tasks via the iControl REST interface, trigger a race condition and execute commands with elevated privileges on the target system.

Mitigation

The vulnerability is addressed in the following versions: 12.1.3, 13.1.0.

Vulnerable software versions

BIG-IP LTM: 12.1.0 - 13.0.0

BIG-IP AAM: 12.1.0 - 13.0.0

BIG-IP AFM: 12.1.0 - 13.0.0

BIG-IP Analytics: 12.1.0 - 13.0.0

BIG-IP APM: 12.1.0 - 13.0.0

BIG-IP ASM: 12.1.0 - 13.0.0

BIG-IP DNS: 12.1.0 - 13.0.0

BIG-IP GTM: 12.1.0 - 13.0.0

BIG-IP Link Controller: 12.1.0 - 13.0.0

BIG-IP PEM: 12.1.0 - 13.0.0

BIG-IP WebSafe: 12.1.0 - 13.0.0

CPE2.3 External links

https://support.f5.com/csp/article/K24465120


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU9747

Risk: Low

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-6164

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary commands on the target system.

The vulnerability exists in the default configuration due to insufficient validation of user-supplied input. A remote attacker can send specially crafted TLS 1.2 data, trigger a flaw in the ClientSSL profile component of the Traffic Management Microkernel (TMM) and cause it to crash or potentially execute commands on the target system.

Mitigation

The vulnerability is addressed in the following versions: 11.5.5, 11.6.2, 12.1.3, 13.1.0.

Vulnerable software versions

BIG-IP LTM: 11.5.1 - 13.0.0

BIG-IP AAM: 11.5.1 - 13.0.0

BIG-IP AFM: 11.5.1 - 13.0.0

BIG-IP Analytics: 11.5.1 - 13.0.0

BIG-IP APM: 11.5.1 - 13.0.0

BIG-IP ASM: 11.5.1 - 13.0.0

BIG-IP DNS: 11.5.1 - 13.0.0

BIG-IP GTM: 11.5.1 - 13.0.0

BIG-IP Link Controller: 11.5.1 - 13.0.0

BIG-IP PEM: 11.5.1 - 13.0.0

BIG-IP WebSafe: 11.5.1 - 13.0.0

BIG-IP Edge Gateway: 11.5.1 - 13.0.0

BIG-IP WebAccelerator: 11.5.1 - 13.0.0

CPE2.3 External links

https://support.f5.com/csp/article/K02714910


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###