CVE-2017-0305

CRITICAL

F5 SSL Intercept iApp 1.5.0-1.5.7 - Unauthenticated Remote Command Execution via Explicit Proxy with SNAT Auto Map

Title source: llm

Description

F5 SSL Intercept iApp versions 1.5.0 - 1.5.7 are vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature together with the SNAT Auto Map option for egress traffic.

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K53244431

Scores

CVSS v3 9.8
EPSS 0.0290
EPSS Percentile 86.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (3)
f5/ssl_intercept_iapp 1.5.0
f5/ssl_intercept_iapp 1.5.7
F5 Networks/SSL Intercept iApp version 1.5.0 - 1.5.7
Published Apr 06, 2017
Tracked Since Feb 18, 2026