CVE-2017-6165
N/A
N/A
Summary
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| F5 Networks, Inc. | F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe | 12.0.0 through 12.1.2 | affected |
| F5 Networks, Inc. | F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe | 11.6.0 through 11.6.1 HF1 | affected |
| F5 Networks, Inc. | F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe | 11.5.1 HF6 through 11.5.4 HF4 | affected |
Weaknesses
- Information leakage via logfile
ADP Enrichment
CVE Program Container
Additional References
- https://support.f5.com/csp/article/K74759095
- http://www.securitytracker.com/id/1039638
- http://www.securityfocus.com/bid/101543
References
- https://support.f5.com/csp/article/K74759095
- http://www.securitytracker.com/id/1039638
- http://www.securityfocus.com/bid/101543
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.