CVE-2017-6160 : What You Need to Know

Learn about CVE-2017-6160 affecting F5 BIG-IP AAM, PEM versions 12.0.0 - 12.1.1, 11.6.0 - 11.6.1, 11.4.1 - 11.5.4. Discover impact, technical details, and mitigation steps.

In versions 12.0.0 through 12.1.1, 11.6.0 through 11.6.1, and 11.4.1 through 11.5.4 of F5 BIG-IP AAM and PEM software, a vulnerability allows a remote attacker to disrupt traffic processing temporarily.

Understanding CVE-2017-6160

This CVE involves a denial of service vulnerability in F5 Networks, Inc.'s BIG-IP AAM and PEM software.

What is CVE-2017-6160?

        Affects versions 12.0.0 - 12.1.1, 11.6.0 - 11.6.1, and 11.4.1 - 11.5.4 of F5 BIG-IP AAM and PEM
        Allows a remote attacker to create a malicious HTTP request causing Traffic Management Microkernel (TMM) to restart
        Virtual servers using Policy Enforcement or Web Acceleration profiles are vulnerable

The Impact of CVE-2017-6160

        TMM restarts, leading to temporary traffic processing failure
        Systems without BIG-IP AAM or PEM modules enabled are not at risk

Technical Details of CVE-2017-6160

This section provides detailed technical information about the vulnerability.

Vulnerability Description

        Remote attacker can disrupt traffic processing by crafting a specific HTTP request

Affected Systems and Versions

        BIG-IP AAM, PEM versions 12.0.0 - 12.1.1, 11.6.0 - 11.6.1, 11.4.1 - 11.5.4
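
The affected ranges and the module condition above can be turned into an inventory triage check. The following is an added example, not code from F5 or from this page's author; the inventory records, hostnames and the short module labels ("aam", "pem", "ltm") are constructed for illustration, and the check assumes the version and enabled modules of each device have already been collected.

```python
# Affected release ranges as listed on this page (inclusive at both ends).
AFFECTED_RANGES = [("12.0.0", "12.1.1"), ("11.6.0", "11.6.1"), ("11.4.1", "11.5.4")]
# Per the page, only systems with AAM or PEM enabled are at risk.
RISKY_MODULES = {"aam", "pem"}


def parse_version(text):
    """Turn 'x.y.z' into a tuple of ints so 11.5.10 sorts after 11.5.4."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in parts)


def in_affected_range(version):
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def assess(version, modules):
    """Classify one device.

    'exposed'      - affected release with AAM or PEM enabled
    'version-only' - affected release, neither module enabled (not at risk
                     per the page, but becomes exposed if one is turned on)
    'not-affected' - release outside the listed ranges
    Hotfix levels are not modelled; confirm fixed builds in the F5 advisory.
    """
    if not in_affected_range(version):
        return "not-affected"
    enabled = {m.lower() for m in modules}
    return "exposed" if enabled & RISKY_MODULES else "version-only"


# Constructed inventory: hostnames, versions and module lists are made up.
INVENTORY = [
    ("bigip-edge-01", "11.5.4", ["ltm", "pem"]),
    ("bigip-edge-02", "11.5.10", ["ltm", "pem"]),
    ("bigip-core-01", "12.1.1", ["ltm"]),
    ("bigip-core-02", "12.1.2", ["ltm", "aam"]),
]


def triage(inventory):
    return {host: assess(version, modules) for host, version, modules in inventory}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "exposed" are the ones to patch first; for those, also check whether any virtual server actually uses a Policy Enforcement or Web Acceleration profile, which this sketch does not inspect.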

Exploitation Mechanism

        Attacker crafts a carefully designed HTTP request to trigger TMM restart

Mitigation and Prevention

Protect your systems from CVE-2017-6160 with these steps:

Immediate Steps to Take

        Apply vendor-provided patches or updates
        Disable BIG-IP AAM and PEM modules if not essential
        Monitor network traffic for any suspicious activity

Long-Term Security Practices

        Regularly update and patch software and firmware
        Implement network segmentation and access controls
        Conduct regular security audits and assessments

Patching and Updates

        Check F5 Networks' official security advisories for patches and updates
