CVSS: 8.5EPSS: 0%CPEs: 20EXPL: 0CVE-2017-6167
https://notcve.org/view.php?id=CVE-2017-6167
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected. En F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM y WebSafe, en versiones 13.0.0 y de la 12.1.0 a la 12.1.2, las condiciones de carrera en iControl REST pueden conducir a la ejecución de comandos con niveles de privilegios diferentes a los esperados. • http://www.securitytracker.com/id/1040053 https://support.f5.com/csp/article/K24465120 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.9EPSS: 0%CPEs: 11EXPL: 0CVE-2017-6166
https://notcve.org/view.php?id=CVE-2017-6166
In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe software 12.0.0 to 12.1.1, in some cases the Traffic Management Microkernel (TMM) may crash when processing fragmented packets. This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. If the affected BIG-IP system is configured as part of a device group, it will trigger a failover to the peer device. En el software BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM y WebSafe desde la versión 12.0.0 a la 12.1.1, en algunos casos, el componente Traffic Management Microkernel (TMM) podría cerrarse inesperadamente al procesar paquetes fragmentados. • http://www.securityfocus.com/bid/102264 http://www.securitytracker.com/id/1039949 https://support.f5.com/csp/article/K65615624 • CWE-415: Double Free •