PT-2017-16913 · F5 · F5 Big-Ip

Published

2017-10-20

Updated

2017-11-15

CVE-2017-6141

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 12.1.0 through 12.1.2

Description The issue affects F5 BIG-IP when using a client SSL profile with the Session Ticket option enabled, which can cause disruption of service to the Traffic Management Microkernel (TMM) due to certain values in a TLS abbreviated handshake. The Session Ticket option is disabled by default.

Recommendations For versions 12.1.0 through 12.1.2, consider disabling the Session Ticket option in client SSL profiles to prevent disruption of service to the TMM until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-6141

Affected Products

F5 Big-Ip

PT-2017-16913 · F5 · F5 Big-Ip

CVE-2017-6141

Weakness Enumeration

Related Identifiers

Affected Products

References · 3