CVE-2017-6168

EPSS 68.11%
Veröffentlicht 17.11.2017 19:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle f5sirt@f5.com
Teams Watchlist Login
Unerledigt Login

On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

F5 ≫ Big-ip Ltm Version >= 11.6.0 <= 11.6.2

F5 ≫ Big-ip Ltm Version >= 12.0.0 <= 12.1.2

F5 ≫ Big-ip Ltm Version13.0.0

F5 ≫ Big-ip Application Acceleration Manager Version >= 11.6.0 <= 11.6.2

F5 ≫ Big-ip Application Acceleration Manager Version >= 12.0.0 <= 12.1.2

F5 ≫ Big-ip Application Acceleration Manager Version13.0.0

F5 ≫ Big-ip Afm Version >= 11.6.0 <= 11.6.2

F5 ≫ Big-ip Afm Version >= 12.0.0 <= 12.1.2

F5 ≫ Big-ip Afm Version13.0.0

F5 ≫ Big-ip Analytics Version >= 11.6.0 <= 11.6.2

F5 ≫ Big-ip Analytics Version >= 12.0.0 <= 12.1.2

F5 ≫ Big-ip Analytics Version13.0.0

F5 ≫ Big-ip Apm Version >= 11.6.0 <= 11.6.2

F5 ≫ Big-ip Apm Version >= 12.0.0 <= 12.1.2

F5 ≫ Big-ip Apm Version13.0.0

F5 ≫ Big-ip Asm Version >= 11.6.0 <= 11.6.2

F5 ≫ Big-ip Asm Version >= 12.0.0 <= 12.1.2

F5 ≫ Big-ip Asm Version13.0.0

F5 ≫ Big-ip Link Controller Version >= 11.6.0 <= 11.6.2

F5 ≫ Big-ip Link Controller Version >= 12.0.0 <= 12.1.2

F5 ≫ Big-ip Link Controller Version13.0.0

F5 ≫ Big-ip Pem Version >= 11.6.0 <= 11.6.2

F5 ≫ Big-ip Pem Version >= 12.0.0 <= 12.1.2

F5 ≫ Big-ip Pem Version13.0.0

F5 ≫ Websafe Version >= 12.0.0 <= 12.1.2

F5 ≫ Websafe Version11.6.2

F5 ≫ Websafe Version13.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	68.11%	0.985

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.4	2.2	5.2	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

http://www.securityfocus.com/bid/101901

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1039839

Third Party Advisory

VDB Entry

https://robotattack.org/

Third Party Advisory

Technical Description

https://support.f5.com/csp/article/K21905460

Vendor Advisory

Issue Tracking