PT-2017-9193 · F5 · F5 Big-Ip
Publicado
2017-03-23
·
Atualizado
2019-06-06
·
CVE-2016-7468
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 11.4.1 through 11.5.4
Description
An unauthenticated remote attacker may disrupt services on affected devices with maliciously crafted network traffic. This issue affects virtual servers associated with TCP profiles when the
tm.tcpprogressive db variable value is set to the non-default setting "enabled". The default value for the tm.tcpprogressive db variable is "negotiate". An attacker may disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.Recommendations
For F5 BIG-IP versions 11.4.1 through 11.5.4, consider changing the
tm.tcpprogressive db variable value to its default setting "negotiate" to mitigate the risk of disruption.Correção
Improper Access Control
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
F5 Big-Ip