CVE-2017-6157 Information
Feb 14, 2021
cve
Description
In F5 BIG-IP LTM AAM AFM Analytics APM ASM DNS GTM Link Controller PEM and Websafe software version 12.0.0 to 12.1.1 11.6.0 to 11.6.1 11.5.0 - 11.5.4 virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated remote attack that allows modification of BIG-IP system configuration extraction of sensitive system files and/or possible remote command execution on the BIG-IP system.
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/101634 http://www.securitytracker.com/id/1039672 https://support.f5.com/csp/article/K02692210
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.1
Share on: