PT-2017-16924 · F5+1 · Viprion+2

Published: 2017-10-20 · Updated: 2017-11-15 · CVE-2017-6165

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP versions 11.5.1 HF6 through 11.5.4 HF4
F5 BIG-IP versions 11.6.0 through 11.6.1 HF1
F5 BIG-IP versions 12.0.0 through 12.1.2

Description

The issue concerns the logging of sensitive information. In clustered deployments on VIPRION platforms, the script responsible for synchronizing SafeNet External Network HSM configuration elements between blades logs the HSM partition password in cleartext to the "/var/log/ltm" log file.

Recommendations

For versions 11.5.1 HF6 through 11.5.4 HF4, consider restricting access to the "/var/log/ltm" log file to minimize the risk of password exposure until a fix is available.
For versions 11.6.0 through 11.6.1 HF1, consider implementing additional logging controls to prevent sensitive information from being written to the log file.
For versions 12.0.0 through 12.1.2, restrict access to the HSM partition configuration to prevent unauthorized users from obtaining the password.

Fix

Insertion into Log File


Weakness Enumeration

Related Identifiers

CVE-2017-6165

Affected Products

F5 BIG-IP
SafeNet External Network HSM
VIPRION