CVE-2017-6168

Published Nov 17, 2017

Last updated 3 years ago

CVSS high 7.4

Overview

Description: On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack.
Source: f5sirt@f5.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.4
Impact score: 5.2
Exploitability score: 2.2
Vector string: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-203

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_ltm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1BD6762-15E4-495A-BB93-66EBF5F81C24",
            "versionEndIncluding": "11.6.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_ltm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8E03DAF-41DD-45C6-BD69-EAD1423BEFF0",
            "versionEndIncluding": "12.1.2",
            "versionStartIncluding": "12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_ltm:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8201185-406F-4769-8690-9734C3DA2B48"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6932A666-B5B2-463F-922E-303E95BEF9F8",
            "versionEndIncluding": "11.6.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39E45CF5-C9E4-4AB9-A6D5-66F8336DDB79",
            "versionEndIncluding": "12.1.2",
            "versionStartIncluding": "12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_afm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF5BC5CE-AD6C-4225-B45A-71E6D709F9AB",
            "versionEndIncluding": "11.6.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_afm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEFC0AC4-E0A9-4EAE-B573-F70F5B5375DB",
            "versionEndIncluding": "12.1.2",
            "versionStartIncluding": "12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_afm:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17A138CE-D1E3-4331-89F6-717539F1B59F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95131361-AFA7-43CA-9426-4F9A6644D337",
            "versionEndIncluding": "11.6.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25944BCA-3EEB-4396-AC8F-EF58834BC47E",
            "versionEndIncluding": "12.1.2",
            "versionStartIncluding": "12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34D75E7F-B65F-421D-92EE-6B20756019C2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_apm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB69EC13-3CDB-44C9-9328-7BE4F7E0013A",
            "versionEndIncluding": "11.6.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_apm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC0762B8-793F-4619-9BA6-F98654F05B9D",
            "versionEndIncluding": "12.1.2",
            "versionStartIncluding": "12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_apm:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E66DDC7E-1DFA-45C0-AA78-C44EE39352E0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_asm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "465D4268-5052-4FF1-936F-813E8971A72B",
            "versionEndIncluding": "11.6.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_asm:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A00C9178-7218-483B-8280-5B5F39695772",
            "versionEndIncluding": "12.1.2",
            "versionStartIncluding": "12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_asm:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "795163B3-60B2-4C3B-AFF9-14B19D728811"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3938A3B7-CF57-477D-9C88-478B75D720B8",
            "versionEndIncluding": "11.6.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4A5CD9B-D257-4EC9-8C57-D9552C2FFFFC",
            "versionEndIncluding": "12.1.2",
            "versionStartIncluding": "12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2C4414E-8016-48B5-8CC3-F97FF2D85922"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_pem:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA238C0E-74F9-4395-ACE0-0B3266ED12C4",
            "versionEndIncluding": "11.6.2",
            "versionStartIncluding": "11.6.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_pem:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2E02B0B-3539-467A-9A2D-0D0B24C60ABC",
            "versionEndIncluding": "12.1.2",
            "versionStartIncluding": "12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_pem:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4700490-894F-4CCD-92A4-595043F38B7F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:websafe:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28F486A3-129D-470E-94B7-7ED06E3740A6",
            "versionEndIncluding": "12.1.2",
            "versionStartIncluding": "12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:websafe:11.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "186C996F-8E31-493B-BC0F-C5D831AB0BB8"
          },
          {
            "criteria": "cpe:2.3:a:f5:websafe:13.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2175D656-06F7-4708-9DC0-E859BABD3CC6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References