#VU8492 Denial of service in F5 Networks products


Published: 2017-09-16 | Updated: 2017-09-19

Vulnerability identifier: #VU8492

Vulnerability risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6147

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
BIG-IP Analytics
Hardware solutions / Security hardware applicances
BIG-IP PEM
Hardware solutions / Security hardware applicances
BIG-IP ASM
Hardware solutions / Security hardware applicances
BIG-IP APM
Hardware solutions / Security hardware applicances
BIG-IP AFM
Hardware solutions / Security hardware applicances
BIG-IP LTM
Hardware solutions / Security hardware applicances
BIG-IP WebSafe
Server applications / Server solutions for antivurus protection
BIG-IP Link Controller
Hardware solutions / Routers & switches, VoIP, GSM, etc
BIG-IP DNS
Hardware solutions / Routers & switches, VoIP, GSM, etc
BIG-IP AAM
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: F5 Networks

Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the SSL Forward Proxy feature of multiple F5 Networks BIG-IP products due to improper processing of undisclosed requests. A remote attacker can send series of undisclosed requests, trigger the "SSL Forward Proxy" setup to connect to untrusted servers and cause the Traffic Management Microkernel (TMM) component to restart.

Successful exploitation of the vulnerability results in denial of service.

Note: This vulnerability affects only devices running a BIG-IP virtual server that has the SSL Forward Proxy option enabled in the assigned client and server SSL profiles.

Mitigation
The vulnerability is addressed in the following versions:
12.0.0 - 12.1.2 for BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP DNS, BIG-IP Link Controller, BIG-IP PEM, BIG-IP WebSafe.
11.4.0 - 11.6.1 for BIG-IP LTM, BIG-IP AAM, BIG-IP AFM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP GTM, BIG-IP Link Controller, BIG-IP PEM.
11.2.1 for BIG-IP LTM, BIG-IP Analytics, BIG-IP APM, BIG-IP ASM, BIG-IP Edge Gateway, BIG-IP GTM, BIG-IP Link Controller.

Vulnerable software versions

BIG-IP Analytics: 12.1.2 HF1 - 13.0.0

BIG-IP WebSafe: 12.1.2 HF1 - 13.0.0

BIG-IP PEM: 12.1.2 HF1 - 13.0.0

BIG-IP Link Controller: 12.1.2 HF1 - 13.0.0

BIG-IP DNS: 12.1.2 HF1 - 13.0.0

BIG-IP ASM: 12.1.2 HF1 - 13.0.0

BIG-IP APM: 12.1.2 HF1 - 13.0.0

BIG-IP AFM: 12.1.2 HF1 - 13.0.0

BIG-IP AAM: 12.1.2 HF1 - 13.0.0

BIG-IP LTM: 12.1.2 HF1 - 13.0.0


External links
http://support.f5.com/csp/article/K43945001


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability