5.9
CVE-2017-6166
- EPSS 1.2%
- Veröffentlicht 22.11.2017 16:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle f5sirt@f5.com
- Teams Watchlist Login
- Unerledigt Login
In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
F5 ≫ Big-ip Afm Version >= 12.0.0 <= 12.1.1
F5 ≫ Big-ip Analytics Version >= 12.0.0 <= 12.1.1
F5 ≫ Big-ip Apm Version >= 12.0.0 <= 12.1.1
F5 ≫ Big-ip Application Acceleration Manager Version >= 12.0.0 <= 12.1.1
F5 ≫ Big-ip Asm Version >= 12.0.0 <= 12.1.1
F5 ≫ Big-ip Dns Version >= 12.0.0 <= 12.1.1
F5 ≫ Big-ip Link Controller Version >= 12.0.0 <= 12.1.1
F5 ≫ Big-ip Ltm Version >= 12.0.0 <= 12.1.1
F5 ≫ Big-ip Pem Version >= 12.0.0 <= 12.1.1
F5 ≫ F5 Websafe Version >= 12.0.0 <= 12.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.2% | 0.77 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-415 Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.