Vulnerability identifier: #VU8985
Vulnerability risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6163
CWE-ID: CWE-284
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
BIG-IP PSM: Hardware solutions / Security hardware appliances
BIG-IP PEM: Hardware solutions / Security hardware appliances
BIG-IP ASM: Hardware solutions / Security hardware appliances
BIG-IP APM: Hardware solutions / Security hardware appliances
BIG-IP AFM: Hardware solutions / Security hardware appliances
BIG-IP LTM: Hardware solutions / Security hardware appliances
BIG-IP Link Controller: Hardware solutions / Routers & switches, VoIP, GSM, etc.
BIG-IP AAM: Hardware solutions / Routers & switches, VoIP, GSM, etc.
Vendor: F5 Networks
Description
The vulnerability allows a remote attacker to cause a denial of service (DoS) condition on the target system.
The weakness exists when a virtual server uses the default configuration of an HTTP/2 or SPDY profile together with a Client SSL profile. A remote attacker can open more connections than the advertised limit to disrupt the Traffic Management Microkernel (TMM) data plane service.
Successful exploitation of the vulnerability results in a denial of service.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
BIG-IP PSM: 11.4.0 - 11.4.1
BIG-IP PEM: 11.5.1 HF6 - 12.1.2
BIG-IP Link Controller: 11.5.1 HF6 - 12.1.2
BIG-IP ASM: 11.5.1 HF6 - 12.1.2
BIG-IP APM: 11.5.1 HF6 - 12.1.2
BIG-IP AFM: 11.4.0 - 12.1.2
BIG-IP AAM: 11.4.0 HF4 - 12.1.2
BIG-IP LTM: 11.4.0 - 12.1.2
External links
https://support.f5.com/csp/article/K22541983
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.