Detections
Analytics

CVE-2017-6161

medium

Description

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion.

References

https://support.f5.com/csp/article/K62279530

http://www.securitytracker.com/id/1039676

http://www.securitytracker.com/id/1039675

http://www.securityfocus.com/bid/101636

Details

Source: Mitre, NVD

Published: 2017-10-27

Updated: 2017-11-16

Risk Information

CVSS v2

Base Score: 2.9

Vector: CVSS2#AV:A/AC:M/Au:N/C:N/I:N/A:P

Severity: Low

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: Medium