CVE-2017-6143

Published: Apr 13, 2018Modified: Nov 21, 2024

5.4

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

Exploitability: 2.2 / Impact: 2.7

Source: NVD

Description

X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11.5.5.

Affected (6)

Products: F5: Big Ip Advanced Firewall Manager, Big Ip Application Security Manager

2 products

Big Ip Advanced Firewall Manager

Big Ip Application Security Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Advanced Firewall Manager	From 11.5.1 to 11.5.5
F5 Big Ip Advanced Firewall Manager	From 11.6.1 to 11.6.2
F5 Big Ip Advanced Firewall Manager	From 12.1.0 to 12.1.2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Application Security Manager	After 12.1.0 to 12.1.2
F5 Big Ip Application Security Manager	From 11.5.1 to 11.5.5
F5 Big Ip Application Security Manager	From 11.6.1 to 11.6.2

Related CWEs

CWE-295

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

References (2)

https://support.f5.com/csp/article/K11464209

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K11464209

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.