CVE-2017-0301

Published Dec 21, 2017

Last updated 5 years ago

CVSS high 7.6

Overview

Description: In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1 and 12.1.2 BIG-IP APM portal access requests do not return the intended resources in some cases. This may allow access to internal BIG-IP APM resources, however the application resources and backend servers are unaffected.
Source: f5sirt@f5.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.6
Impact score: 6
Exploitability score: 0.9
Vector string: CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 6.4
Exploitability score: 2.5
Vector string: AV:A/AC:H/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C0312FC-8178-46DE-B4EE-00F2895073BA"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC6C5628-14FF-4D75-B62E-D4B2707C1E3D"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9E574F6-34B6-45A6-911D-E5347DA22F69"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BCF94129-8779-4D68-8DD4-B828CA633746"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA2E88AA-0523-48D0-8664-6AFDBCB6C940"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFA77C6B-72DB-4D57-87CF-11F2C7EDB828"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E33BCA5B-CE91-451C-9821-2023A9E461C1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FCD2044C-AC6F-4145-B1A0-8EB26DCF1F8C"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FC866D4-CE8C-4408-AD1E-8643AC554CC9"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7563D979-BE37-4251-B92E-0DBDBE53F3FF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References