Details of VAR-201705-3544

ID

VAR-201705-3544

CVE

CVE-2017-6137

TITLE

plural F5 BIG-IP Product Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-003996

DESCRIPTION

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, and WebSafe 11.6.1 HF1, 12.0.0 HF3, 12.0.0 HF4, and 12.1.0 through 12.1.2, undisclosed traffic patterns received while software SYN cookie protection is engaged may cause a disruption of service to the Traffic Management Microkernel (TMM) on specific platforms and configurations. plural F5 BIG-IP Product Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IP is a load balancer that uses a variety of allocation algorithms to distribute network requests to available servers in a server cluster. By managing incoming web data traffic and increasing effective network bandwidth, network visitors get as much as possible. The hardware device for the best networking experience. A F5BIG-IPTCP packet has a denial of service vulnerability that remote users can use to send a specially crafted sequence of packets, causing the target traffic management microkernel (TMM) to be interrupted. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. Security flaws exist in several F5 products. An attacker could exploit this vulnerability to compromise services used by the Traffic Management Microkernel (TMM). The following products and versions are affected: F5 BIG-IP LTM Release 11.6.1 HF1, Release 12.0.0 HF3, Release 12.0.0 HF4, Release 12.1.0 through Release 12.1.2; BIG-IP AAM Release 11.6.1 HF1, 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 to 12.1.2 release; BIG-IP AFM 11.6.1 HF1 release, 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 to 12.1 release .2 releases; BIG-IP Analytics 11.6.1 HF1 release, 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 through 12.1.2 releases; BIG-IP APM 11.6.1 HF1 release, 12.0.0 HF3 release Version, version 12.0.0 HF4, version 12.1.0 to version 12.1.2; BIG-IP ASM version 11.6.1 HF1, version 12.0.0 HF3, version 12.0.0 HF4, version 12.1.0 to version 12.1.2; BIG-IP DNS Version 12.0.0 HF3, Version 12.0.0 HF4, Versions 12.1.0 to 12.1.2; BIG-IP GTM Version 11.6.1 HF1; BIG-IP Link Controller Version 11.6.1 HF1, Version 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 to 12.1.2 release; BIG-IP PEM 11.6.1 HF1 release, 12.0.0 HF3 release, 12.0.0 HF4 release, 12.1.0 to 12.1.2 release ; BIG-IP WebSafe Version 11.6.1 HF1, Version 12.0.0 HF3, Version 12.0.0 HF4, Versions 12.1.0 through 12

Trust: 2.25

sources: NVD: CVE-2017-6137 // JVNDB: JVNDB-2017-003996 // CNVD: CNVD-2017-06372 // VULHUB: VHN-114340

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-06372

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.2	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.2	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.1	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.0	Trust: 1.6
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.0	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.1	Trust: 1.6
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.0.0	Trust: 1.6
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.1	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.1	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.0.0	Trust: 1.6
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 1.4
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 1.4
vendor:	f5	model:	big-ip edge gateway	scope:	-	version:	-	Trust: 1.4
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip aam	scope:	-	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip ltm	scope:	-	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip afm	scope:	-	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip apm	scope:	-	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip asm	scope:	-	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip webaccelerator	scope:	-	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip dns	scope:	-	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip psm	scope:	-	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip pem	scope:	-	version:	-	Trust: 0.6
vendor:	f5	model:	big-ip websafe hf1	scope:	eq	version:	11.6.1	Trust: 0.6
vendor:	f5	model:	big-ip websafe hf3	scope:	eq	version:	12.0.0	Trust: 0.6
vendor:	f5	model:	big-ip websafe hf4	scope:	eq	version:	12.0.0	Trust: 0.6
vendor:	f5	model:	big-ip websafe	scope:	gte	version:	12.1.0<=12.1.2	Trust: 0.6

sources: CNVD: CNVD-2017-06372 // JVNDB: JVNDB-2017-003996 // NVD: CVE-2017-6137 // CNNVD: CNNVD-201702-783

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2017-6137
value:	MEDIUM
Trust: 1.8
CNVD:	CNVD-2017-06372
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201702-783
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-114340
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2017-6137
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2017-06372
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-114340
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	3.6
version:	3.0
Trust: 1.0
NVD:	CVE-2017-6137
baseSeverity:	MEDIUM
baseScore:	5.9
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-06372 // VULHUB: VHN-114340 // JVNDB: JVNDB-2017-003996 // NVD: CVE-2017-6137 // CNNVD: CNNVD-201702-783

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-114340 // JVNDB: JVNDB-2017-003996 // NVD: CVE-2017-6137

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-783

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201702-783

CONFIGURATIONS

sources: NVD: CVE-2017-6137

PATCH

title:	K82851041: TMM vulnerability CVE-2017-6137	url:	https://support.f5.com/csp/article/k82851041	Trust: 0.8
title:	F5BIG-IPTCP Packet Denial of Service Vulnerability Patch	url:	https://www.cnvd.org.cn/patchinfo/show/93431	Trust: 0.6
title:	Multiple F5 Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99651	Trust: 0.6

sources: CNVD: CNVD-2017-06372 // JVNDB: JVNDB-2017-003996 // CNNVD: CNNVD-201702-783

EXTERNAL IDS

db:	NVD	id:	CVE-2017-6137	Trust: 3.1
db:	SECTRACK	id:	1038409	Trust: 2.3
db:	JVNDB	id:	JVNDB-2017-003996	Trust: 0.8
db:	CNNVD	id:	CNNVD-201702-783	Trust: 0.7
db:	CNVD	id:	CNVD-2017-06372	Trust: 0.6
db:	VULHUB	id:	VHN-114340	Trust: 0.1

sources: CNVD: CNVD-2017-06372 // VULHUB: VHN-114340 // JVNDB: JVNDB-2017-003996 // NVD: CVE-2017-6137 // CNNVD: CNNVD-201702-783

REFERENCES

url:	https://support.f5.com/csp/article/k82851041	Trust: 1.7
url:	http://www.securitytracker.com/id/1038409	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6137	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6137	Trust: 0.8
url:	http://securitytracker.com/id/1038409	Trust: 0.6

sources: CNVD: CNVD-2017-06372 // VULHUB: VHN-114340 // JVNDB: JVNDB-2017-003996 // NVD: CVE-2017-6137 // CNNVD: CNNVD-201702-783

SOURCES

db:	CNVD	id:	CNVD-2017-06372
db:	VULHUB	id:	VHN-114340
db:	JVNDB	id:	JVNDB-2017-003996
db:	NVD	id:	CVE-2017-6137
db:	CNNVD	id:	CNNVD-201702-783

LAST UPDATE DATE

2023-12-18T13:39:00.253000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-06372	date:	2017-05-12T00:00:00
db:	VULHUB	id:	VHN-114340	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-003996	date:	2017-06-13T00:00:00
db:	NVD	id:	CVE-2017-6137	date:	2019-10-03T00:03:26.223
db:	CNNVD	id:	CNNVD-201702-783	date:	2019-10-23T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-06372	date:	2017-05-12T00:00:00
db:	VULHUB	id:	VHN-114340	date:	2017-05-09T00:00:00
db:	JVNDB	id:	JVNDB-2017-003996	date:	2017-06-13T00:00:00
db:	NVD	id:	CVE-2017-6137	date:	2017-05-09T15:29:00.407
db:	CNNVD	id:	CNNVD-201702-783	date:	2017-02-23T00:00:00