Vulnerability & Exploit Database

F5 Networks: K21905460 (CVE-2017-6168): BIG-IP SSL vulnerability CVE-2017-6168

Severity: 4
CVSS: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published: November 16, 2017
Added: November 16, 2017
Modified: December 04, 2017

Description

On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3), a virtual server configured with a Client SSL profile may be vulnerable to an adaptive chosen-ciphertext attack (also known as a Bleichenbacher attack) against RSA. When exploited, this may result in plaintext recovery of encrypted messages and/or a man-in-the-middle (MiTM) attack, even though the attacker has not gained access to the server's private key itself.

Solution

f5-big-ip-upgrade-latest