Published: 23/05/2017 Updated: 08/07/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.

Vulnerable Product	Search on Vulmon	Subscribe to Product
f5 big-ip local traffic manager 13.0.0
f5 big-ip local traffic manager 12.0.0
f5 big-ip local traffic manager 12.1.0
f5 big-ip local traffic manager 12.1.1
f5 big-ip local traffic manager 12.1.2
f5 big-ip application acceleration manager 12.1.2
f5 big-ip application acceleration manager 13.0.0
f5 big-ip application acceleration manager 12.0.0
f5 big-ip application acceleration manager 12.1.0
f5 big-ip application acceleration manager 12.1.1
f5 big-ip advanced firewall manager 13.0.0
f5 big-ip advanced firewall manager 12.0.0
f5 big-ip advanced firewall manager 12.1.0
f5 big-ip advanced firewall manager 12.1.1
f5 big-ip advanced firewall manager 12.1.2
f5 big-ip access policy manager 12.0.0
f5 big-ip access policy manager 12.1.0
f5 big-ip access policy manager 12.1.1
f5 big-ip access policy manager 12.1.2
f5 big-ip access policy manager 13.0.0
f5 big-ip application security manager 12.1.1
f5 big-ip application security manager 12.1.2
f5 big-ip application security manager 13.0.0
f5 big-ip application security manager 12.0.0
f5 big-ip application security manager 12.1.0
f5 big-ip domain name system 13.0.0
f5 big-ip domain name system 12.0.0
f5 big-ip domain name system 12.1.0
f5 big-ip domain name system 12.1.1
f5 big-ip domain name system 12.1.2
f5 big-ip link controller 13.0.0
f5 big-ip link controller 12.0.0
f5 big-ip link controller 12.1.0
f5 big-ip link controller 12.1.1
f5 big-ip link controller 12.1.2
f5 big-ip policy enforcement manager 12.1.0
f5 big-ip policy enforcement manager 12.1.1
f5 big-ip policy enforcement manager 12.1.2
f5 big-ip policy enforcement manager 13.0.0
f5 big-ip policy enforcement manager 12.0.0
f5 big-ip websafe 12.1.2
f5 big-ip websafe 13.0.0
f5 big-ip websafe 12.0.0
f5 big-ip websafe 12.1.0
f5 big-ip websafe 12.1.1

CWE-798 https://support.f5.com/csp/article/K61757346 http://www.securitytracker.com/id/1038569 https://nvd.nist.gov

CVE-2017-6131

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect