CVE-2017-6147 : Vulnerability Insights and Analysis

Learn about CVE-2017-6147 affecting F5 BIG-IP versions 13.0.0 and 12.1.2-HF1. Discover how enabling 'SSL Forward Proxy' can lead to service disruptions and find mitigation steps.

CVE-2017-6147 was published on September 18, 2017, affecting F5 BIG-IP versions 13.0.0 and 12.1.2-HF1. The vulnerability occurs when the 'SSL Forward Proxy' setting is enabled in both Client and Server SSL profiles, potentially leading to service disruption.

Understanding CVE-2017-6147

What is CVE-2017-6147?

CVE-2017-6147 is a vulnerability in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe versions 12.1.2-HF1 and 13.0.0. Enabling 'SSL Forward Proxy' in both SSL profiles can trigger TMM restarts, causing service interruptions.

The Impact of CVE-2017-6147

The vulnerability can result in a disruption of service due to undisclosed responses triggering TMM restarts when specific SSL settings are configured.

Technical Details of CVE-2017-6147

Vulnerability Description

An undisclosed type of response can cause TMM restarts when 'SSL Forward Proxy' is enabled in both the Client and Server SSL profiles on a BIG-IP Virtual Server.

Affected Systems and Versions

        F5 BIG-IP versions 13.0.0 and 12.1.2-HF1

Exploitation Mechanism

        An undisclosed type of response reaching a Virtual Server that has 'SSL Forward Proxy' enabled in both Client and Server SSL profiles

Mitigation and Prevention

Immediate Steps to Take

        Disable the 'SSL Forward Proxy' setting in the Client and Server SSL profiles
        Monitor F5 Networks security advisories for updates
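
One way to locate the virtual servers that meet the condition above before disabling the setting, as an added example (not code from this page or from F5): it scans configuration text in tmsh stanza syntax for virtual servers whose client-ssl and server-ssl profiles both have `ssl-forward-proxy enabled`, directly or inherited through `defaults-from`. The sample configuration, its object names, and the function names are constructed for illustration.

```python
SAMPLE_CONF = """
ltm profile client-ssl fp_client { defaults-from clientssl ssl-forward-proxy enabled }
ltm profile client-ssl fp_child { defaults-from fp_client }
ltm profile server-ssl fp_server { defaults-from serverssl ssl-forward-proxy enabled }
ltm virtual vs_outbound { profiles { fp_child { context clientside } fp_server { context serverside } } }
ltm virtual vs_app { profiles { fp_client { context clientside } serverssl { context serverside } } }
"""  # constructed sample for this added example, not taken from a real device

def stanzas(text):
    """Yield (header_tokens, body_tokens) for each top-level `header { body }` stanza."""
    toks, i = text.split(), 0
    while i < len(toks):
        brace = toks.index("{", i)
        depth, j = 1, brace + 1
        while depth:  # walk to the brace that closes this stanza
            depth += {"{": 1, "}": -1}.get(toks[j], 0)
            j += 1
        yield toks[i:brace], toks[brace + 1:j - 1]
        i = j

def forward_proxy_profiles(text):
    """Map profile type -> names with ssl-forward-proxy enabled, directly or via defaults-from."""
    profs = {}
    for head, body in stanzas(text):
        if head[:2] == ["ltm", "profile"] and head[2] in ("client-ssl", "server-ssl"):
            kv = dict(zip(body, body[1:]))  # adjacent tokens as key/value pairs
            profs[head[3]] = (head[2], kv.get("ssl-forward-proxy"), kv.get("defaults-from"))
    def enabled(name, seen=()):
        if name not in profs or name in seen:
            return False  # assumption: a parent missing from the input keeps the setting disabled
        _, val, parent = profs[name]
        return val == "enabled" if val else enabled(parent, seen + (name,))
    return {k: {n for n, p in profs.items() if p[0] == k and enabled(n)} for k in ("client-ssl", "server-ssl")}

def exposed_virtuals(text):
    """Virtual servers whose attached profiles include forward proxy on both client and server side."""
    fp, hits = forward_proxy_profiles(text), []
    for head, body in stanzas(text):
        if head[:2] == ["ltm", "virtual"] and "profiles" in body:
            names, depth = set(), 0
            for tok in body[body.index("profiles") + 1:]:
                depth += {"{": 1, "}": -1}.get(tok, 0)
                if depth == 0:
                    break  # end of the profiles block
                if depth == 1 and tok not in ("{", "}"):
                    names.add(tok)
            if names & fp["client-ssl"] and names & fp["server-ssl"]:
                hits.append(head[2])
    return hits
```
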

Long-Term Security Practices

        Regularly update F5 BIG-IP software to the latest version
        Implement network segmentation and access controls

Patching and Updates

        Apply patches provided by F5 Networks to address the vulnerability
