PT-2018-8296 · F5 · F5 Big-Ip
Published: 2018-04-13 · Updated: 2018-05-21 · CVE-2017-6148
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 11.5.1 through 11.5.5
F5 BIG-IP versions 11.6.1 through 11.6.2
F5 BIG-IP versions 12.0.0 through 12.1.3.1
F5 BIG-IP version 13.0.0
Description
The issue affects the data plane when a SOCKS proxy profile is attached to a Virtual Server, potentially causing a disruption of services provided by TMM. The control plane is not impacted.
Recommendations
For F5 BIG-IP versions 11.5.1 through 11.5.5, consider removing the SOCKS proxy profile from the Virtual Server to prevent exploitation.
For F5 BIG-IP versions 11.6.1 through 11.6.2, consider removing the SOCKS proxy profile from the Virtual Server to prevent exploitation.
For F5 BIG-IP versions 12.0.0 through 12.1.3.1, consider removing the SOCKS proxy profile from the Virtual Server to prevent exploitation.
For F5 BIG-IP version 13.0.0, consider removing the SOCKS proxy profile from the Virtual Server to prevent exploitation.
Fix
RCE
Affected Products
F5 Big-Ip