CVE-2017-6165

Summary

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file.

Affected Software

VendorProductVersion RangeStatus
F5 Networks, Inc.F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe12.0.0 through 12.1.2affected
F5 Networks, Inc.F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe11.6.0 through 11.6.1 HF1affected
F5 Networks, Inc.F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe11.5.1 HF6 through 11.5.4 HF4affected

Weaknesses

  • Information leakage via logfile

ADP Enrichment

CVE Program Container

Additional References

References