CVE-2017-6144
N/A
N/A
Summary
In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type Allocation Code (TAC) database file via HTTPS, the server's certificate is not verified. Attackers in a privileged network position may be able to launch a man-in-the-middle attack against these connections. TAC databases are used in BIG-IP PEM for Device Type and OS (DTOS) and Tethering detection. Customers not using BIG-IP PEM, not configuring downloads of TAC database files, or not using HTTP for that download are not affected.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| F5 Networks, Inc. | F5 BIG-IP PEM | 12.1.0 through 12.1.2 | affected |
Weaknesses
- Certificate verification vulnerability
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.