← Back

CVE-2017-6142

nvd nist
Published: Jan 19, 2018Modified: Nov 21, 2024

JSON object

Loading...
4.8
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.2 / Impact: 2.5
Source: NVD

Description

X509 certificate verification was not correctly implemented in the early access "user id" feature in the F5 BIG-IP Advanced Firewall Manager versions 13.0.0, 12.1.0-12.1.2, and 11.6.0-11.6.2, and thus did not properly validate the remote server's identity on certain versions of BIG-IP.

Affected (3)

F5
1 product
Big Ip Advanced Firewall Manager
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
F5
Big Ip Advanced Firewall Manager
From 11.6.0 to 11.6.2
Big Ip Advanced Firewall Manager
From 12.1.0 to 12.1.2
Big Ip Advanced Firewall Manager
Version 13.0.0

Related CWEs

CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.

References (4)

Source: f5sirt@f5.com
Third Party AdvisoryVDB Entry
Source: f5sirt@f5.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.