Vulnerability Name: CVE-2017-6168 (CCN-135008) Assigned: 2017-11-17 Published: 2017-11-17 Updated: 2021-09-23 Summary: On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack. CVSS v3 Severity: 7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N )6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): None
9.1 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N )7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
9.4 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): None
Vulnerability Type: CWE-203 Vulnerability Consequences: Obtain Information References: Source: MITRE Type: CNACVE-2017-6168 Source: CCN Type: IBM Security Bulletin 2015061 (Sterling B2B Integrator)IBM Sterling B2B Integrator is Vulnerable to a Robot Security Vulnerability (CVE-2017-6168) Source: CCN Type: IBM Security Bulletin 2015539 (PredictiveInsight)Multiple Security Vulnerabilities Impact IBM Predictive Insights Source: CCN Type: US-CERT VU#144389TLS implementations may disclose side channel information via discrepencies between valid and invalid PKCS#1 padding Source: BID Type: Third Party Advisory, VDB Entry101901 Source: CCN Type: BID-101901Multiple F5 BIG-IP Products CVE-2017-6168 Information Disclosure Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry1039839 Source: XF Type: UNKNOWNf5-bigip-cve20176168-info-disc(135008) Source: CCN Type: Robot Attack Web siteThe ROBOT Attack Source: MISC Type: Technical Description, Third Party Advisoryhttps://robotattack.org/ Source: CCN Type: F5 Security Advisory K21905460BIG-IP SSL vulnerability CVE-2017-6168 Source: CONFIRM Type: Issue Tracking, Mitigation, Vendor Advisoryhttps://support.f5.com/csp/article/K21905460 Source: CERT-VN Type: Third Party Advisory, US Government ResourceVU#144389 Vulnerable Configuration: Configuration 1 :cpe:/a:f5:big-ip_ltm:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.2)OR cpe:/a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_ltm:*:*:*:*:*:*:*:* (Version >= 11.6.0 and <= 11.6.2) Configuration 2 :cpe:/a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.2) OR cpe:/a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* (Version >= 11.6.0 and <= 11.6.2) Configuration 3 :cpe:/a:f5:big-ip_afm:*:*:*:*:*:*:*:* (Version >= 11.6.0 and <= 11.6.2)OR cpe:/a:f5:big-ip_afm:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_afm:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.2) Configuration 4 :cpe:/a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.2) OR cpe:/a:f5:big-ip_analytics:*:*:*:*:*:*:*:* (Version >= 11.6.0 and <= 11.6.2) Configuration 5 :cpe:/a:f5:big-ip_apm:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.2)OR cpe:/a:f5:big-ip_apm:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_apm:*:*:*:*:*:*:*:* (Version >= 11.6.0 and <= 11.6.2) Configuration 6 :cpe:/a:f5:big-ip_asm:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.2)OR cpe:/a:f5:big-ip_asm:*:*:*:*:*:*:*:* (Version >= 11.6.0 and <= 11.6.2) OR cpe:/a:f5:big-ip_asm:13.0.0:*:*:*:*:*:*:* Configuration 7 :cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 11.6.0 and <= 11.6.2)OR cpe:/a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.2) Configuration 8 :cpe:/a:f5:big-ip_pem:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_pem:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.2) OR cpe:/a:f5:big-ip_pem:*:*:*:*:*:*:*:* (Version >= 11.6.0 and <= 11.6.2) Configuration 9 :cpe:/a:f5:websafe:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:websafe:*:*:*:*:*:*:*:* (Version >= 12.0.0 and <= 12.1.2) OR cpe:/a:f5:websafe:11.6.2:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_afm:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_asm:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_dns:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_pem:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_websafe:13.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_local_traffic_manager:12.1.2:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_link_controller:12.1.2:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_websafe:12.1.2:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_analytics:12.1.2:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_dns:12.1.2:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_dns:12.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_pem:12.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_websafe:12.0.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_local_traffic_manager:11.6.2:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_analytics:11.6.2:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_access_policy_manager:11.6.2:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_global_traffic_manager:11.6.2:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_link_controller:11.6.2:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_pem:11.6.2:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_pem:11.6.0:*:*:*:*:*:*:* OR cpe:/a:f5:big-ip_websafe:11.6.0:*:*:*:*:*:*:* AND cpe:/a:ibm:sterling_b2b_integrator:5.2:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2.3:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:5.2.5:*:*:*:*:*:*:* Denotes that component is vulnerable BACK
f5 big-ip ltm *
f5 big-ip ltm 13.0.0
f5 big-ip ltm *
f5 big-ip application acceleration manager 13.0.0
f5 big-ip application acceleration manager *
f5 big-ip application acceleration manager *
f5 big-ip afm *
f5 big-ip afm 13.0.0
f5 big-ip afm *
f5 big-ip analytics 13.0.0
f5 big-ip analytics *
f5 big-ip analytics *
f5 big-ip apm *
f5 big-ip apm 13.0.0
f5 big-ip apm *
f5 big-ip asm *
f5 big-ip asm *
f5 big-ip asm 13.0.0
f5 big-ip link controller *
f5 big-ip link controller 13.0.0
f5 big-ip link controller *
f5 big-ip pem 13.0.0
f5 big-ip pem *
f5 big-ip pem *
f5 websafe 13.0.0
f5 websafe *
f5 websafe 11.6.2
f5 big-ip local traffic manager 11.6.0
f5 big-ip access policy manager 11.6.0
f5 big-ip local traffic manager 13.0.0
f5 big-ip aam 13.0.0
f5 big-ip afm 13.0.0
f5 big-ip analytics 13.0.0
f5 big-ip access policy manager 13.0.0
f5 big-ip asm 13.0.0
f5 big-ip dns 13.0.0
f5 big-ip link controller 13.0.0
f5 big-ip pem 13.0.0
f5 big-ip websafe 13.0.0
f5 big-ip local traffic manager 12.1.2
f5 big-ip access policy manager 12.1.2
f5 big-ip link controller 12.1.2
f5 big-ip websafe 12.1.2
f5 big-ip analytics 12.1.2
f5 big-ip dns 12.1.2
f5 big-ip local traffic manager 12.0.0
f5 big-ip analytics 12.0.0
f5 big-ip access policy manager 12.0.0
f5 big-ip dns 12.0.0
f5 big-ip global traffic manager 11.6.0
f5 big-ip link controller 12.0.0
f5 big-ip pem 12.0.0
f5 big-ip websafe 12.0.0
f5 big-ip local traffic manager 11.6.2
f5 big-ip analytics 11.6.2
f5 big-ip access policy manager 11.6.2
f5 big-ip global traffic manager 11.6.2
f5 big-ip link controller 11.6.2
f5 big-ip pem 11.6.2
f5 big-ip analytics 11.6.0
f5 big-ip link controller 11.6.0
f5 big-ip pem 11.6.0
f5 big-ip websafe 11.6.0
ibm sterling b2b integrator 5.2
ibm sterling b2b integrator 5.2.4
ibm sterling b2b integrator 5.2.1
ibm sterling b2b integrator 5.2.2
ibm sterling b2b integrator 5.2.3
ibm sterling b2b integrator 5.2.5