CVE-2017-6157 - Unspecified vulnerability in F5 products

CVSS 8.1 - HIGH

Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Tags: network, high complexity, f5, nessus

Summary

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software versions 12.0.0 to 12.1.1, 11.6.0 to 11.6.1 and 11.5.0 to 11.5.4, virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system.

Vulnerable Configurations

Part: Application
Description: F5
Count: 103

Nessus

NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL02692210.NASL
description: BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system. (CVE-2017-6157) Note: This vulnerability covers the scenarios that were not addressed in K35520031: BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700. F5 Technical Support has no additional information about this issue. Impact: When this vulnerability is successfully exploited, a remote attacker may be able to modify the system configuration or extract sensitive system files.
last seen: 2020-03-17
modified: 2017-10-27
plugin id: 104187
published: 2017-10-27
reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/104187
title: F5 Networks BIG-IP : BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability (K02692210)