vulnerability

F5 Networks: K61757346 (CVE-2017-6131): BIG-IP Azure cloud vulnerability CVE-2017-6131

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	May 22, 2017	May 23, 2017	Feb 1, 2018

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

May 22, 2017

Added

May 23, 2017

Modified

Feb 1, 2018

Description

In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.

Solution

f5-big-ip-upgrade-latest

References

URL-https://support.f5.com/csp/article/K61757346
SECTRACK-1038569
NVD-CVE-2017-6131

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today