CVE-2017-6131

critical

CVSS v3 Base Score

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.8%

Exploitation probability in 30 days

Top 26% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: May 23, 2017 (3277 days ago)

Last Modified: May 13, 2026

Vendor: F5

Source: NVD

Description

In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.

CWE

CWE-798

Affected Products

f5 big-ip local traffic managerf5 big-ip application acceleration managerf5 big-ip advanced firewall managerf5 big-ip access policy managerf5 big-ip application security managerf5 big-ip domain name systemf5 big-ip link controllerf5 big-ip policy enforcement managerf5 big-ip websafe

References

🔗 www.securitytracker.com 🔗 support.f5.com 🔗 www.securitytracker.com 🔗 support.f5.com

CVE-2017-6131

Vulnerability Report

Description

CWE

Affected Products

References