9.8

CVE-2017-6165

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file.

Data is provided by the National Vulnerability Database (NVD)
F5Big-ip Analytics Version11.5.1
F5Big-ip Analytics Version11.5.2
F5Big-ip Analytics Version11.5.3
F5Big-ip Analytics Version11.5.4
F5Big-ip Analytics Version11.6.0
F5Big-ip Analytics Version11.6.1
F5Big-ip Analytics Version12.0.0
F5Big-ip Analytics Version12.1.0
F5Big-ip Analytics Version12.1.1
F5Big-ip Analytics Version12.2.0
F5Big-ip Websafe Version11.5.1
F5Big-ip Websafe Version11.5.2
F5Big-ip Websafe Version11.5.3
F5Big-ip Websafe Version11.5.4
F5Big-ip Websafe Version11.6.0
F5Big-ip Websafe Version11.6.1
F5Big-ip Websafe Version12.0.0
F5Big-ip Websafe Version12.1.0
F5Big-ip Websafe Version12.1.1
F5Big-ip Websafe Version12.1.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 1.95% 0.827
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

http://www.securityfocus.com/bid/101543
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039638
Third Party Advisory
VDB Entry