CVE-2017-6167

Published: Dic 21, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-15232 Aliases: GSD-2017-6167
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 8,5
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: single
Confidentiality: complete
Integrity: complete
Availability: complete

Description

AI Translation Available

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0031
Percentile
0,5th
Updated

EPSS Score Trend (Last 91 Days)

362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Confidentiality Integrity Access Control
Potential Impacts:
Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other) Dos: Crash, Exit, Or Restart Dos: Instability Read Files Or Directories Read Application Data Execute Unauthorized Code Or Commands Gain Privileges Or Assume Identity Bypass Protection Mechanism
Applicable Platforms
Languages: C, C++, Java
Technologies: Mobile, ICS/OT
Likelihood of Exploit: Medium
View CWE Details
Application

Big-Ip Analytics by F5

Product Information
Vendor F5
Product Big-Ip Analytics
Version 13.0.0
cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Acceleration Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Acceleration Manager
Version 13.0.0
cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Policy Enforcement Manager by F5

Product Information
Vendor F5
Product Big-Ip Policy Enforcement Manager
Version 13.0.0
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Local Traffic Manager by F5

Product Information
Vendor F5
Product Big-Ip Local Traffic Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.2 (inclusive)
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Websafe by F5

Product Information
Vendor F5
Product Big-Ip Websafe
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.2 (inclusive)
cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Acceleration Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Acceleration Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.2 (inclusive)
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version 13.0.0
cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Firewall Manager by F5

Product Information
Vendor F5
Product Big-Ip Advanced Firewall Manager
Version 13.0.0
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Policy Enforcement Manager by F5

Product Information
Vendor F5
Product Big-Ip Policy Enforcement Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.2 (inclusive)
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Dns by F5

Product Information
Vendor F5
Product Big-Ip Dns
Version 13.0.0
cpe:2.3:a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Analytics by F5

Product Information
Vendor F5
Product Big-Ip Analytics
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.2 (inclusive)
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Websafe by F5

Product Information
Vendor F5
Product Big-Ip Websafe
Version 13.0.0
cpe:2.3:a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Link Controller by F5

Product Information
Vendor F5
Product Big-Ip Link Controller
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.2 (inclusive)
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Local Traffic Manager by F5

Product Information
Vendor F5
Product Big-Ip Local Traffic Manager
Version 13.0.0
cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Access Policy Manager by F5

Product Information
Vendor F5
Product Big-Ip Access Policy Manager
Version 13.0.0
cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Dns by F5

Product Information
Vendor F5
Product Big-Ip Dns
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.2 (inclusive)
cpe:2.3:a:f5:big-ip_dns:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Link Controller by F5

Product Information
Vendor F5
Product Big-Ip Link Controller
Version 13.0.0
cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Access Policy Manager by F5

Product Information
Vendor F5
Product Big-Ip Access Policy Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.2 (inclusive)
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Advanced Firewall Manager by F5

Product Information
Vendor F5
Product Big-Ip Advanced Firewall Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.2 (inclusive)
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Big-Ip Application Security Manager by F5

Product Information
Vendor F5
Product Big-Ip Application Security Manager
Version Range Affected
From 12.1.0 (inclusive)
To 12.1.2 (inclusive)
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://support.f5.com/csp/article/K24465120
Issue Tracking Vendor Advisory
https://support.f5.com/csp/article/K24465120
http://www.securitytracker.com/id/1040053
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040053
https://support.f5.com/csp/article/K24465120
Issue Tracking Vendor Advisory
https://support.f5.com/csp/article/K24465120
http://www.securitytracker.com/id/1040053
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040053