CVSS: 6.4EPSS: 0%CPEs: 52EXPL: 0CVE-2017-6156
https://notcve.org/view.php?id=CVE-2017-6156
13 Apr 2018 — When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 system is configured with a wildcard IPSec tunnel endpoint, it may allow a remote attacker to disrupt or impersonate the tunnels that have completed phase 1 IPSec negotiations. The attacker must possess the necessary credentials to negotiate the phase 1 of the IPSec exchange to exploit this vulnerability; in many environment this limits the attack surface to other endpoints under the same administration. Cuando el sistema F5 BIG-IP, d... • https://support.f5.com/csp/article/K05263202 •
CVSS: 5.3EPSS: 0%CPEs: 109EXPL: 0CVE-2017-6161
https://notcve.org/view.php?id=CVE-2017-6161
27 Oct 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator software version 12.0.0 - 12.1.2, 11.6.0 - 11.6.1, 11.4.0 - 11.5.4, 11.2.1, when ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypted and authenticate connections to mcpd. This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack via resource exhaustion. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, A... • http://www.securityfocus.com/bid/101636 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 111EXPL: 0CVE-2017-6165
https://notcve.org/view.php?id=CVE-2017-6165
20 Oct 2017 — In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM y WebSafe 11.5.1 HF6 has... • http://www.securityfocus.com/bid/101543 • CWE-532: Insertion of Sensitive Information into Log File •