CVE-2017-0304

MEDIUM

BIG-IP AFM 12.0.0, 12.1.0-12.1.2, 13.0.0 - SQL Injection in Management UI

Title source: llm
STIX 2.1

Description

A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102332
Issue Tracking, Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K39428424
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040041

Scores

CVSS v3 5.4
EPSS 0.0017
EPSS Percentile 37.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Details

CWE
CWE-89
Status published
Products (7)
f5/big-ip_advanced_firewall_manager 12.0.0
f5/big-ip_advanced_firewall_manager 12.1.0
f5/big-ip_advanced_firewall_manager 12.1.1
f5/big-ip_advanced_firewall_manager 12.1.2
f5/big-ip_advanced_firewall_manager 13.0.0
F5 Networks, Inc./BIG-IP AFM 12.0.0, 12.1.0, 12.1.1, 12.1.2
F5 Networks, Inc./BIG-IP AFM 13.0.0
Published Dec 21, 2017
Tracked Since Feb 18, 2026