← Back

CVE-2017-6165

nvd nist
Published: Oct 20, 2017Modified: May 13, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file.

Affected (110)

F5
11 products
Big Ip Access Policy Manager
Big Ip Advanced Firewall Manager
Big Ip Analytics
Big Ip Application Acceleration Manager
Big Ip Application Security Manager
Big Ip Domain Name System
Big Ip Global Traffic Manager
Big Ip Link Controller
Big Ip Local Traffic Manager
Big Ip Policy Enforcement Manager
Big Ip Websafe
Configuration A
110 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
F5
Big Ip Access Policy Manager
Version 11.5.1
Big Ip Access Policy Manager
Version 11.5.2
Big Ip Access Policy Manager
Version 11.5.3
Big Ip Access Policy Manager
Version 11.5.4
Big Ip Access Policy Manager
Version 11.6.0
Big Ip Access Policy Manager
Version 11.6.1
Big Ip Access Policy Manager
Version 12.0.0
Big Ip Access Policy Manager
Version 12.1.0
Big Ip Access Policy Manager
Version 12.1.1
Big Ip Access Policy Manager
Version 12.1.2
F5
Big Ip Advanced Firewall Manager
Version 11.5.1
Big Ip Advanced Firewall Manager
Version 11.5.2
Big Ip Advanced Firewall Manager
Version 11.5.3
Big Ip Advanced Firewall Manager
Version 11.5.4
Big Ip Advanced Firewall Manager
Version 11.6.0
Big Ip Advanced Firewall Manager
Version 11.6.1
Big Ip Advanced Firewall Manager
Version 12.0.0
Big Ip Advanced Firewall Manager
Version 12.1.0
Big Ip Advanced Firewall Manager
Version 12.1.1
Big Ip Advanced Firewall Manager
Version 12.1.2
F5
Big Ip Analytics
Version 11.5.1
Big Ip Analytics
Version 11.5.2
Big Ip Analytics
Version 11.5.3
Big Ip Analytics
Version 11.5.4
Big Ip Analytics
Version 11.6.0
Big Ip Analytics
Version 11.6.1
Big Ip Analytics
Version 12.0.0
Big Ip Analytics
Version 12.1.0
Big Ip Analytics
Version 12.1.1
Big Ip Analytics
Version 12.2.0
F5
Big Ip Application Acceleration Manager
Version 11.5.1
Big Ip Application Acceleration Manager
Version 11.5.2
Big Ip Application Acceleration Manager
Version 11.5.3
Big Ip Application Acceleration Manager
Version 11.5.4
Big Ip Application Acceleration Manager
Version 11.6.0
Big Ip Application Acceleration Manager
Version 11.6.1
Big Ip Application Acceleration Manager
Version 12.0.0
Big Ip Application Acceleration Manager
Version 12.1.0
Big Ip Application Acceleration Manager
Version 12.1.1
Big Ip Application Acceleration Manager
Version 12.1.2
F5
Big Ip Application Security Manager
Version 11.5.1
Big Ip Application Security Manager
Version 11.5.2
Big Ip Application Security Manager
Version 11.5.3
Big Ip Application Security Manager
Version 11.5.4
Big Ip Application Security Manager
Version 11.6.0
Big Ip Application Security Manager
Version 11.6.1
Big Ip Application Security Manager
Version 12.0.0
Big Ip Application Security Manager
Version 12.1.0
Big Ip Application Security Manager
Version 12.1.1
Big Ip Application Security Manager
Version 12.1.2
F5
Big Ip Domain Name System
Version 11.5.1
Big Ip Domain Name System
Version 11.5.2
Big Ip Domain Name System
Version 11.5.3
Big Ip Domain Name System
Version 11.5.4
Big Ip Domain Name System
Version 11.6.0
Big Ip Domain Name System
Version 11.6.1
Big Ip Domain Name System
Version 12.0.0
Big Ip Domain Name System
Version 12.1.0
Big Ip Domain Name System
Version 12.1.1
Big Ip Domain Name System
Version 12.1.2
F5
Big Ip Global Traffic Manager
Version 11.5.1
Big Ip Global Traffic Manager
Version 11.5.2
Big Ip Global Traffic Manager
Version 11.5.3
Big Ip Global Traffic Manager
Version 11.5.4
Big Ip Global Traffic Manager
Version 11.6.0
Big Ip Global Traffic Manager
Version 11.6.1
Big Ip Global Traffic Manager
Version 12.0.0
Big Ip Global Traffic Manager
Version 12.1.0
Big Ip Global Traffic Manager
Version 12.1.1
Big Ip Global Traffic Manager
Version 12.1.2
F5
Big Ip Link Controller
Version 11.5.1
Big Ip Link Controller
Version 11.5.2
Big Ip Link Controller
Version 11.5.3
Big Ip Link Controller
Version 11.5.4
Big Ip Link Controller
Version 11.6.0
Big Ip Link Controller
Version 11.6.1
Big Ip Link Controller
Version 12.0.0
Big Ip Link Controller
Version 12.1.0
Big Ip Link Controller
Version 12.1.1
Big Ip Link Controller
Version 12.1.2
F5
Big Ip Local Traffic Manager
Version 11.5.1
Big Ip Local Traffic Manager
Version 11.5.2
Big Ip Local Traffic Manager
Version 11.5.3
Big Ip Local Traffic Manager
Version 11.5.4
Big Ip Local Traffic Manager
Version 11.6.0
Big Ip Local Traffic Manager
Version 11.6.1
Big Ip Local Traffic Manager
Version 12.0.0
Big Ip Local Traffic Manager
Version 12.1.0
Big Ip Local Traffic Manager
Version 12.1.1
Big Ip Local Traffic Manager
Version 12.1.2
F5
Big Ip Policy Enforcement Manager
Version 11.5.1
Big Ip Policy Enforcement Manager
Version 11.5.2
Big Ip Policy Enforcement Manager
Version 11.5.3
Big Ip Policy Enforcement Manager
Version 11.5.4
Big Ip Policy Enforcement Manager
Version 11.6.0
Big Ip Policy Enforcement Manager
Version 11.6.1
Big Ip Policy Enforcement Manager
Version 12.0.0
Big Ip Policy Enforcement Manager
Version 12.1.0
Big Ip Policy Enforcement Manager
Version 12.1.1
Big Ip Policy Enforcement Manager
Version 12.1.2
F5
Big Ip Websafe
Version 11.5.1
Big Ip Websafe
Version 11.5.2
Big Ip Websafe
Version 11.5.3
Big Ip Websafe
Version 11.5.4
Big Ip Websafe
Version 11.6.0
Big Ip Websafe
Version 11.6.1
Big Ip Websafe
Version 12.0.0
Big Ip Websafe
Version 12.1.0
Big Ip Websafe
Version 12.1.1
Big Ip Websafe
Version 12.1.2
Running on/withPlatform Versions
F5
Viprion Application Delivery Controller
All versions

Related CWEs

CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (6)

Source: f5sirt@f5.com
Third Party AdvisoryVDB Entry
Source: f5sirt@f5.com
Third Party AdvisoryVDB Entry
Source: f5sirt@f5.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.