CVE-2017-6143
Severity CVSS v4.0:
Pending analysis
Type:
CWE-295
Improper Certificate Validation
Publication date:
13/04/2018
Last modified:
21/05/2018
Description
X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.2, or 11.5.0-11.5.5.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Base Score 2.0
5.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 11.5.1 (including) | 11.5.5 (including) |
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 11.6.1 (including) | 11.6.2 (including) |
| cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* | 12.1.0 (including) | 12.1.2 (including) |
| cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* | 11.5.1 (including) | 11.5.5 (including) |
| cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* | 11.6.1 (including) | 11.6.2 (including) |
| cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* | 12.1.0 (excluding) | 12.1.2 (including) |
To consult the complete list of CPE names with products and versions, see this page