Vulnerability Details CVE-2017-6166
In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.0%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
Products affected by CVE-2017-6166
-
cpe:2.3:a:f5:big-ip_afm:*
-
cpe:2.3:a:f5:big-ip_analytics:12.0.0
-
cpe:2.3:a:f5:big-ip_analytics:12.1.0
-
cpe:2.3:a:f5:big-ip_analytics:12.1.1
-
cpe:2.3:a:f5:big-ip_apm:*
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0
-
cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1
-
cpe:2.3:a:f5:big-ip_asm:*
-
cpe:2.3:a:f5:big-ip_dns:12.0.0
-
cpe:2.3:a:f5:big-ip_dns:12.1.0
-
cpe:2.3:a:f5:big-ip_dns:12.1.1
-
cpe:2.3:a:f5:big-ip_link_controller:12.0.0
-
cpe:2.3:a:f5:big-ip_link_controller:12.1.0
-
cpe:2.3:a:f5:big-ip_link_controller:12.1.1
-
cpe:2.3:a:f5:big-ip_ltm:*
-
cpe:2.3:a:f5:big-ip_pem:*
-
cpe:2.3:a:f5:f5_websafe:*
-
cpe:2.3:a:f5:linerate:2.5.0
-
cpe:2.3:a:f5:linerate:2.6.2