8.5
CVSSv2

CVE-2017-6167

Published: 21/12/2017 Updated: 09/01/2018
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.5 | Impact Score: 5.9 | Exploitability Score: 1.6
VMScore: 756
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected.

Affected Products

Vendor Product Versions
F5Big-ip Access Policy Manager12.1.0, 12.1.1, 12.1.2, 13.0.0
F5Big-ip Advanced Firewall Manager12.1.0, 12.1.1, 12.1.2, 13.0.0
F5Big-ip Analytics12.1.0, 12.1.1, 12.1.2, 13.0.0
F5Big-ip Application Acceleration Manager12.1.0, 12.1.1, 12.1.2, 13.0.0
F5Big-ip Application Security Manager12.1.0, 12.1.1, 12.1.2, 13.0.0
F5Big-ip Dns13.0.0
F5Big-ip Link Controller12.1.0, 12.1.1, 12.1.2, 13.0.0
F5Big-ip Local Traffic Manager12.1.0, 12.1.1, 12.1.2, 13.0.0
F5Big-ip Policy Enforcement Manager12.1.0, 12.1.1, 12.1.2, 13.0.0
F5Big-ip Websafe12.1.0, 12.1.1, 12.1.2, 13.0.0