PT-2017-16927 · F5 · Big-Ip
Published: 2017-11-17 · Updated: 2021-09-23
CVE-2017-6168
CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
BIG-IP versions 11.6.0 through 11.6.2
BIG-IP versions 12.0.0 through 12.1.2 HF1
BIG-IP versions 13.0.0 through 13.0.0 HF2
Description
The issue allows for an Adaptive Chosen Ciphertext attack, also known as a Bleichenbacher attack, against RSA. This can result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, without the attacker needing access to the server's private key. This type of attack is referred to as a ROBOT attack.
Recommendations
For BIG-IP versions 11.6.0 through 11.6.2, update to 11.6.2 HF1.
For BIG-IP versions 12.0.0 through 12.1.2 HF1, update to 12.1.2 HF2.
For BIG-IP versions 13.0.0 through 13.0.0 HF2, update to 13.0.0 HF3.
Exploit
Fix
Side Channel Attack
Weakness Enumeration
Related identifiers
Affected products
Big-Ip