CVE-2017-0304
Severity Score
5.4
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected.
Existe una vulnerabilidad de inyección SQL en la interfaz de usuario de gestión de BIG-IP AFM en versiones 12.0.0, 12.1.0, 12.1.1, 12.1.2 y 13.0.0 que podría permitir que se manipule una copia de las reglas de firewall para que provoque un impacto en Configuration Utility hasta que se vuelvan a sincronizar las reglas. El procesamiento del tráfico y las reglas de firewall activas no se ven afectadas.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-11-09 CVE Reserved
- 2017-12-21 CVE Published
- 2023-05-14 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/102332 | Third Party Advisory | |
| http://www.securitytracker.com/id/1040041 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://support.f5.com/csp/article/K39428424 | 2018-01-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| F5 Search vendor "F5" | Big-ip Advanced Firewall Manager Search vendor "F5" for product "Big-ip Advanced Firewall Manager" | 12.0.0 Search vendor "F5" for product "Big-ip Advanced Firewall Manager" and version "12.0.0" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Advanced Firewall Manager Search vendor "F5" for product "Big-ip Advanced Firewall Manager" | 12.1.0 Search vendor "F5" for product "Big-ip Advanced Firewall Manager" and version "12.1.0" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Advanced Firewall Manager Search vendor "F5" for product "Big-ip Advanced Firewall Manager" | 12.1.1 Search vendor "F5" for product "Big-ip Advanced Firewall Manager" and version "12.1.1" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Advanced Firewall Manager Search vendor "F5" for product "Big-ip Advanced Firewall Manager" | 12.1.2 Search vendor "F5" for product "Big-ip Advanced Firewall Manager" and version "12.1.2" | - |
Affected
| ||||||
| F5 Search vendor "F5" | Big-ip Advanced Firewall Manager Search vendor "F5" for product "Big-ip Advanced Firewall Manager" | 13.0.0 Search vendor "F5" for product "Big-ip Advanced Firewall Manager" and version "13.0.0" | - |
Affected
| ||||||