Lucene search
F5F5:K20682450HistoryJan 18, 2018 - 12:00 a.m.
K20682450 : BIG-IP AFM vulnerability CVE-2017-6142
2018-01-1800:00:00
my.f5.com
13
0.001 Low
EPSS
Percentile
31.9%
Security Advisory Description
X509 certificate verification was not correctly implemented in the early access “user id” feature in the BIG-IP Advanced Firewall Manager, and thus did not properly validate the remote server’s identity on certain versions of BIG-IP. (CVE-2017-6142)
Impact
In affected BIG-IP AFM versions, the system is unable to properly validate the remote server’s identity, which may lead to man-in-the-middle (MITM) attacks. This issue affects the Network Firewall policy enforcement. The issue depends on an experimental configuration that was only deployed with F5 technical assistance as a proof of concept.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.5.4 | |
| big-ip afm | eq | 11.5.5 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 11.6.1 | |
| big-ip afm | eq | 11.6.2 |
Related
cve
cve
CVE-2017-6142
2018-01-19 14:29:00
nvd
nvd
CVE-2017-6142
2018-01-19 14:29:00
prion
prion
Code injection
2018-01-19 14:29:00
cvelist
cvelist
CVE-2017-6142
2018-01-18 00:00:00
nessus
nessus
F5 Networks BIG-IP : BIG-IP AFM vulnerability (K20682450)
2018-11-02 00:00:00