CVE-2017-6161

medium

CVSS v3 Base Score

5.3

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

2.7%

Exploitation probability in 30 days

Top 14% most likely to be exploited

Attack Characteristics

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

None

User Interaction

None

Confidentiality

None

Integrity

None

Availability

High

Published: October 27, 2017 (3120 days ago)

Last Modified: May 13, 2026

Vendor: F5

Source: NVD

Description

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion.

CWE

CWE-400

Affected Products

f5 big-ip local traffic managerf5 big-ip application acceleration managerf5 big-ip advanced firewall managerf5 big-ip access policy managerf5 big-ip application security managerf5 big-ip link controllerf5 big-ip policy enforcement managerf5 big-ip domain name systemf5 big-ip edge gatewayf5 big-ip global traffic manager

References

🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 www.securitytracker.com 🔗 support.f5.com 🔗 www.securityfocus.com

CVE-2017-6161

Vulnerability Report

Description

CWE

Affected Products

References