BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system. (CVE-2017-6157)
Note: This vulnerability covers the scenarios that were not addressed in K35520031: BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700.
F5 Technical Support has no additional information about this issue.
Impact
When this vulnerability is successfully exploited, a remote attacker may be able to modify the system configuration or extract sensitive system files.
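To find which virtual servers match the affected configuration described above (an HTTP profile in explicit proxy mode and/or a SOCKS profile), the following added example, which is not F5's code, scans text in `bigip.conf` (tmsh) syntax. The sample configuration and all object names in it are constructed, and the script assumes profiles state `proxy-type explicit` directly rather than inheriting it through `defaults-from`.

```python
# Constructed bigip.conf excerpt (tmsh syntax); every object name is made up.
SAMPLE_CONF = """\
ltm profile http /Common/explicit_http {
    proxy-type explicit
}
ltm profile http /Common/reverse_http {
    proxy-type reverse
}
ltm profile socks /Common/corp_socks { }
ltm virtual /Common/vs_proxy {
    profiles {
        /Common/explicit_http { }
    }
}
ltm virtual /Common/vs_socks {
    profiles {
        /Common/corp_socks { }
    }
}
ltm virtual /Common/vs_web {
    profiles {
        /Common/reverse_http { }
    }
}
"""

def stanzas(conf):  # yields (header_tokens, body_lines) per top-level object
    depth, body = 0, []
    for line in conf.splitlines():
        if depth == 0:
            header, body = line.split("{")[0].split(), []
        else:
            body.append(line.strip())
        depth += line.count("{") - line.count("}")  # track nesting by brace depth
        if depth == 0 and header:
            yield header, body

def exposed_virtuals(conf):
    """Map virtual server -> risky profile kinds (no defaults-from resolution)."""
    objs, risky, hits = list(stanzas(conf)), {}, {}
    for h, body in objs:  # pass 1: collect SOCKS and explicit-proxy HTTP profiles
        if h[:3] == ["ltm", "profile", "socks"]:
            risky[h[3]] = "socks"
        elif h[:3] == ["ltm", "profile", "http"] and "proxy-type explicit" in body:
            risky[h[3]] = "http-explicit"
    for h, body in objs:  # pass 2: virtual servers referencing any of them
        kinds = sorted({risky[l.split(" ")[0]] for l in body if l.split(" ")[0] in risky})
        if h[:2] == ["ltm", "virtual"] and kinds:
            hits[h[2]] = kinds
    return hits
```

Calling `exposed_virtuals()` on the contents of a configuration file returns a dictionary keyed by virtual server name; an empty result means no virtual server references either profile type directly.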