7.8

CVE-2017-6150

Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - 12.1.3.1, using FastL4 profiles, when the Reassemble IP Fragments option is disabled (default), some specific large fragmented packets may restart the Traffic Management Microkernel (TMM).

Data is provided by the National Vulnerability Database (NVD)
F5Big-ip Local Traffic Manager Version >= 12.1.0 <= 12.1.3.1
F5Big-ip Local Traffic Manager Version13.0.0
F5Big-ip Application Acceleration Manager Version >= 12.1.0 <= 12.1.3.1
F5Big-ip Advanced Firewall Manager Version >= 12.1.0 <= 12.1.3.1
F5Big-ip Analytics Version >= 12.1.0 <= 12.1.3.1
F5Big-ip Analytics Version13.0.0
F5Big-ip Access Policy Manager Version >= 12.1.0 <= 12.1.3.1
F5Big-ip Access Policy Manager Version13.0.0
F5Big-ip Application Security Manager Version >= 12.1.0 <= 12.1.3.1
F5Big-ip Dns Version >= 12.1.0 <= 12.1.3.1
F5Big-ip Dns Version13.0.0
F5Big-ip Link Controller Version >= 12.1.0 <= 12.1.3.1
F5Big-ip Link Controller Version13.0.0
F5Big-ip Policy Enforcement Manager Version >= 12.1.0 <= 12.1.3.1
F5Big-ip Websafe Version >= 12.1.0 <= 12.1.3.1
F5Big-ip Websafe Version13.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.59% 0.665
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/103235
Third Party Advisory
VDB Entry