CyberSec.Space Logo
Back to CVE Browser

CVE-2017-6164

HIGH
8.1
CVSS Severity Score
EPSS Score0.0970%
EPSS Percentile22.35th
PublishedDec 21, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, 12.0.0 - 12.1.2, 11.6.0 - 11.6.1 and 11.5.0 - 11.5.4, in some circumstances, Traffic Management Microkernel (TMM) does not properly handle certain malformed TLS1.2 records, which allows remote attackers to cause a denial-of-service (DoS) or possible remote command execution on the BIG-IP system.

Affected Platforms (CPE)

📦
F5

Big Ip Local Traffic Manager

>= 11.6.0 and <= 11.6.1
📦
F5

Big Ip Local Traffic Manager

>= 12.0.0 and <= 12.1.2
📦
F5

Big Ip Local Traffic Manager

= 11.5.0
📦
F5

Big Ip Local Traffic Manager

= 11.5.1
📦
F5

Big Ip Local Traffic Manager

= 11.5.2
📦
F5

Big Ip Local Traffic Manager

= 11.5.3
📦
F5

Big Ip Local Traffic Manager

= 11.5.4
📦
F5

Big Ip Local Traffic Manager

= 13.0.0
📦
F5

Big Ip Application Acceleration Manager

>= 11.6.0 and <= 11.6.1
📦
F5

Big Ip Application Acceleration Manager

>= 12.0.0 and <= 12.1.2
📦
F5

Big Ip Application Acceleration Manager

= 11.5.0
📦
F5

Big Ip Application Acceleration Manager

= 11.5.1
📦
F5

Big Ip Application Acceleration Manager

= 11.5.2
📦
F5

Big Ip Application Acceleration Manager

= 11.5.3
📦
F5

Big Ip Application Acceleration Manager

= 11.5.4
📦
F5

Big Ip Application Acceleration Manager

= 13.0.0
📦
F5

Big Ip Advanced Firewall Manager

>= 11.6.0 and <= 11.6.1
📦
F5

Big Ip Advanced Firewall Manager

>= 12.0.0 and <= 12.1.2
📦
F5

Big Ip Advanced Firewall Manager

= 11.5.0
📦
F5

Big Ip Advanced Firewall Manager

= 11.5.1
📦
F5

Big Ip Advanced Firewall Manager

= 11.5.2
📦
F5

Big Ip Advanced Firewall Manager

= 11.5.3
📦
F5

Big Ip Advanced Firewall Manager

= 11.5.4
📦
F5

Big Ip Advanced Firewall Manager

= 13.0.0
📦
F5

Big Ip Analytics

>= 11.6.0 and <= 11.6.1
📦
F5

Big Ip Analytics

>= 12.0.0 and <= 12.1.2
📦
F5

Big Ip Analytics

= 11.5.0
📦
F5

Big Ip Analytics

= 11.5.1
📦
F5

Big Ip Analytics

= 11.5.2
📦
F5

Big Ip Analytics

= 11.5.3
📦
F5

Big Ip Analytics

= 11.5.4
📦
F5

Big Ip Analytics

= 13.0.0
📦
F5

Big Ip Access Policy Manager

>= 11.6.0 and <= 11.6.1
📦
F5

Big Ip Access Policy Manager

>= 12.0.0 and <= 12.1.2
📦
F5

Big Ip Access Policy Manager

= 11.5.0
📦
F5

Big Ip Access Policy Manager

= 11.5.1
📦
F5

Big Ip Access Policy Manager

= 11.5.2
📦
F5

Big Ip Access Policy Manager

= 11.5.3
📦
F5

Big Ip Access Policy Manager

= 11.5.4
📦
F5

Big Ip Access Policy Manager

= 13.0.0
📦
F5

Big Ip Application Security Manager

>= 11.6.0 and <= 11.6.1
📦
F5

Big Ip Application Security Manager

>= 12.0.0 and <= 12.1.2
📦
F5

Big Ip Application Security Manager

= 11.5.0
📦
F5

Big Ip Application Security Manager

= 11.5.1
📦
F5

Big Ip Application Security Manager

= 11.5.2
📦
F5

Big Ip Application Security Manager

= 11.5.3
📦
F5

Big Ip Application Security Manager

= 11.5.4
📦
F5

Big Ip Application Security Manager

= 13.0.0
📦
F5

Big Ip Dns

>= 11.6.0 and <= 11.6.1
📦
F5

Big Ip Dns

>= 12.0.0 and <= 12.1.2
📦
F5

Big Ip Dns

= 11.5.0
📦
F5

Big Ip Dns

= 11.5.1
📦
F5

Big Ip Dns

= 11.5.2
📦
F5

Big Ip Dns

= 11.5.3
📦
F5

Big Ip Dns

= 11.5.4
📦
F5

Big Ip Dns

= 13.0.0
📦
F5

Big Ip Global Traffic Manager

>= 11.6.0 and <= 11.6.1
📦
F5

Big Ip Global Traffic Manager

>= 12.0.0 and <= 12.1.2
📦
F5

Big Ip Global Traffic Manager

= 11.5.0
📦
F5

Big Ip Global Traffic Manager

= 11.5.1
📦
F5

Big Ip Global Traffic Manager

= 11.5.2
📦
F5

Big Ip Global Traffic Manager

= 11.5.3
📦
F5

Big Ip Global Traffic Manager

= 11.5.4
📦
F5

Big Ip Global Traffic Manager

= 13.0.0
📦
F5

Big Ip Link Controller

>= 11.6.0 and <= 11.6.1
📦
F5

Big Ip Link Controller

>= 12.0.0 and <= 12.1.2
📦
F5

Big Ip Link Controller

= 11.5.0
📦
F5

Big Ip Link Controller

= 11.5.1
📦
F5

Big Ip Link Controller

= 11.5.2
📦
F5

Big Ip Link Controller

= 11.5.3
📦
F5

Big Ip Link Controller

= 11.5.4
📦
F5

Big Ip Link Controller

= 13.0.0
📦
F5

Big Ip Policy Enforcement Manager

>= 11.6.0 and <= 11.6.1
📦
F5

Big Ip Policy Enforcement Manager

>= 12.0.0 and <= 12.1.2
📦
F5

Big Ip Policy Enforcement Manager

= 11.5.0
📦
F5

Big Ip Policy Enforcement Manager

= 11.5.1
📦
F5

Big Ip Policy Enforcement Manager

= 11.5.2
📦
F5

Big Ip Policy Enforcement Manager

= 11.5.3
📦
F5

Big Ip Policy Enforcement Manager

= 11.5.4
📦
F5

Big Ip Policy Enforcement Manager

= 13.0.0
📦
F5

Big Ip Websafe

>= 11.6.0 and <= 11.6.1
📦
F5

Big Ip Websafe

>= 12.0.0 and <= 12.1.2
📦
F5

Big Ip Websafe

= 11.5.0
📦
F5

Big Ip Websafe

= 11.5.1
📦
F5

Big Ip Websafe

= 11.5.2
📦
F5

Big Ip Websafe

= 11.5.3
📦
F5

Big Ip Websafe

= 11.5.4
📦
F5

Big Ip Websafe

= 13.0.0
📦
F5

Big Ip Edge Gateway

>= 11.6.0 and <= 11.6.1
📦
F5

Big Ip Edge Gateway

>= 12.0.0 and <= 12.1.2
📦
F5

Big Ip Edge Gateway

= 11.5.0
📦
F5

Big Ip Edge Gateway

= 11.5.1
📦
F5

Big Ip Edge Gateway

= 11.5.2
📦
F5

Big Ip Edge Gateway

= 11.5.3
📦
F5

Big Ip Edge Gateway

= 11.5.4
📦
F5

Big Ip Edge Gateway

= 13.0.0
📦
F5

Big Ip Webaccelerator

>= 11.6.0 and <= 11.6.1
📦
F5

Big Ip Webaccelerator

>= 12.0.0 and <= 12.1.2
📦
F5

Big Ip Webaccelerator

= 11.5.0
📦
F5

Big Ip Webaccelerator

= 11.5.1
📦
F5

Big Ip Webaccelerator

= 11.5.2
📦
F5

Big Ip Webaccelerator

= 11.5.3
📦
F5

Big Ip Webaccelerator

= 11.5.4
📦
F5

Big Ip Webaccelerator

= 13.0.0

References & Advisories

🔗 http://www.securitytracker.com/id/1040054
🔗 https://support.f5.com/csp/article/K02714910
🔗 http://www.securitytracker.com/id/1040054
🔗 https://support.f5.com/csp/article/K02714910

Related Vulnerabilities

CVE-2017-1040210.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report...

CVE-2017-1040510.0

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report...

CVE-2017-1290510.0

Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information ...

CVE-2017-1015110.0

Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported vers...