An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to non-default setting "enabled". The default value for the tm.tcpprogressive db variable is "negotiate". An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.
No CVSS v3.1
Attack Vector Network
Attack Complexity High
Privileges Required None
Scope Unchanged
Confidentiality Impact None
Integrity Impact None
Availability Impact High
User Interaction None
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Partial
AV:N/AC:M/Au:N/C:N/I:N/A:P
Vendors | Products |
---|---|
F5 |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
Configuration 10 [-]
|
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/97119 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1038121 | |
https://support.f5.com/csp/article/K13053402 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: f5
Published: 2017-03-23T14:00:00
Updated: 2017-07-11T09:57:01
Reserved: 2016-09-09T00:00:00
Link: CVE-2016-7468
JSON object: View
NVD Information
Status : Modified
Published: 2017-03-23T14:59:00.143
Modified: 2019-06-06T15:11:36.407
Link: CVE-2016-7468
JSON object: View
Redhat Information
No data.
CWE