ID

VAR-201704-0638


CVE

CVE-2017-0305


TITLE

F5 SSL Intercept iApp access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-002991

DESCRIPTION

F5 SSL Intercept iApp versions 1.5.0 - 1.5.7 are vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus the SNAT Auto Map option for egress traffic. F5 SSL Intercept iApp contains an access control vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) attack may be carried out. F5 SSL Intercept iApp is a set of templates, from F5 Corporation of the United States, for configuring outbound security devices for decrypting SSL traffic in LTM. A security vulnerability exists in F5 SSL Intercept iApp versions 1.5.0 to 1.5.7. A remote attacker can exploit this vulnerability to modify the BIG-IP system configuration, extract sensitive information files, and execute commands on the system.

Trust: 1.71

sources: NVD: CVE-2017-0305 // JVNDB: JVNDB-2017-002991 // VULHUB: VHN-99124

AFFECTED PRODUCTS

vendor: f5, model: ssl intercept iapp, scope: eq, version: 1.5.7

Trust: 1.6

vendor: f5, model: ssl intercept iapp, scope: eq, version: 1.5.0

Trust: 1.6

vendor: f5, model: ssl intercept iapp, scope: eq, version: 1.5.0 to 1.5.7

Trust: 0.8

sources: JVNDB: JVNDB-2017-002991 // CNNVD: CNNVD-201704-291 // NVD: CVE-2017-0305

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-0305
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-0305
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201704-291
value: CRITICAL

Trust: 0.6

VULHUB: VHN-99124
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-0305
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-99124
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-0305
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-99124 // JVNDB: JVNDB-2017-002991 // CNNVD: CNNVD-201704-291 // NVD: CVE-2017-0305

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-99124 // JVNDB: JVNDB-2017-002991 // NVD: CVE-2017-0305

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-291

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201704-291

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-002991

PATCH

title: K53244431: SSL Intercept iApp HTTP Explicit Proxy vulnerability CVE-2017-0305
url: https://support.f5.com/csp/article/K53244431

Trust: 0.8

title: F5 SSL Intercept iApp Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69221

Trust: 0.6

sources: JVNDB: JVNDB-2017-002991 // CNNVD: CNNVD-201704-291

EXTERNAL IDS

db: NVD, id: CVE-2017-0305

Trust: 2.5

db: JVNDB, id: JVNDB-2017-002991

Trust: 0.8

db: CNNVD, id: CNNVD-201704-291

Trust: 0.7

db: VULHUB, id: VHN-99124

Trust: 0.1

sources: VULHUB: VHN-99124 // JVNDB: JVNDB-2017-002991 // CNNVD: CNNVD-201704-291 // NVD: CVE-2017-0305

REFERENCES

url:https://support.f5.com/csp/article/k53244431

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0305

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-0305

Trust: 0.8

sources: VULHUB: VHN-99124 // JVNDB: JVNDB-2017-002991 // CNNVD: CNNVD-201704-291 // NVD: CVE-2017-0305

SOURCES

db: VULHUB, id: VHN-99124
db: JVNDB, id: JVNDB-2017-002991
db: CNNVD, id: CNNVD-201704-291
db: NVD, id: CVE-2017-0305

LAST UPDATE DATE

2025-04-20T23:13:12.784000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-99124, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2017-002991, date: 2017-05-10T00:00:00
db: CNNVD, id: CNNVD-201704-291, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-0305, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-99124, date: 2017-04-06T00:00:00
db: JVNDB, id: JVNDB-2017-002991, date: 2017-05-10T00:00:00
db: CNNVD, id: CNNVD-201704-291, date: 2017-04-24T00:00:00
db: NVD, id: CVE-2017-0305, date: 2017-04-06T14:59:00.193