Learn about CVE-2017-6163 affecting F5 Networks BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software versions. Discover impact, affected systems, and mitigation steps.
F5 Networks, Inc. identified a vulnerability in multiple versions of its BIG-IP software that could lead to a denial of service attack.
Understanding CVE-2017-6163
This CVE involves a specific configuration issue in F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software versions.
What is CVE-2017-6163?
The vulnerability arises when a virtual server is set up with a standard HTTP/2 or SPDY profile alongside a Client SSL profile. If a client opens more concurrent streams than the advertised limit, the service can be disrupted. The Traffic Management Microkernel (TMM) data plane is affected, while the control plane remains unaffected.
The Impact of CVE-2017-6163
This vulnerability can be exploited by a remote client to cause a denial of service, potentially disrupting the affected services.
Technical Details of CVE-2017-6163
This section delves into the specifics of the vulnerability.
Vulnerability Description
The issue affects versions 12.0.0 to 12.1.2, 11.6.0 to 11.6.1, and 11.4.0 to 11.5.4 of F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM software.
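The configuration condition and the version ranges described above can be combined into a triage check. This is an added example, not F5's code or part of the original advisory. It assumes tmsh-style `ltm virtual` and `ltm profile` stanzas and assumes the built-in profiles are named `/Common/http2`, `/Common/spdy` and `/Common/clientssl`; the sample configuration is constructed.

```python
import re

# Affected ranges (inclusive) are from this page; the built-in profile names are an assumption.
AFFECTED = [((12, 0, 0), (12, 1, 2)), ((11, 6, 0), (11, 6, 1)), ((11, 4, 0), (11, 5, 4))]
BUILTIN = {"/Common/http2": "http2", "/Common/spdy": "spdy", "/Common/clientssl": "client-ssl"}

def version_affected(version):
    """True if a version such as '12.1.2' falls inside a listed range."""
    v = tuple(int(p) for p in (re.findall(r"\d+", version) + ["0", "0"])[:3])
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def stanzas(text, header):
    """Yield (regex match, body) for each brace-delimited stanza whose header matches."""
    for m in re.finditer(header, text, re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]

def exposed_virtuals(conf):
    """Virtual servers that pair an HTTP/2 or SPDY profile with a Client SSL profile."""
    ptype = dict(BUILTIN)
    for m, _ in stanzas(conf, r"^ltm profile (\S+) (\S+) \{"):
        ptype[m.group(2)] = m.group(1)  # custom profile name -> profile type
    hits = []
    for m, body in stanzas(conf, r"^ltm virtual (\S+) \{"):
        for _, plist in stanzas(body, r"^\s*profiles \{"):
            kinds = {ptype.get(name) for name in re.findall(r"(\S+) \{", plist)}
            if kinds & {"http2", "spdy"} and "client-ssl" in kinds:
                hits.append(m.group(1))
    return hits

# Constructed sample configuration (not from a real device).
SAMPLE = """\
ltm profile http2 /Common/h2_custom {
    defaults-from /Common/http2
}
ltm virtual /Common/vs_web {
    profiles {
        /Common/clientssl { context clientside }
        /Common/h2_custom { }
    }
}
ltm virtual /Common/vs_plain {
    profiles {
        /Common/http { }
    }
}
"""
```

A device needs attention when `version_affected` is true for its software version and `exposed_virtuals` returns at least one virtual server from its configuration.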
Affected Systems and Versions
Exploitation Mechanism
Mitigation and Prevention
Protecting systems from this vulnerability is crucial.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates