CVE-2017-6165
CRITICAL
F5 BIG-IP Access Policy Manager - Log Information Exposure
Title source: rule
Description
In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file.
References (3)
Core References
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K74759095
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1039638
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101543
Scores
CVSS v3: 9.8
EPSS: 0.0195
EPSS Percentile: 83.6%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-532
Status: published
Products (50)
f5/big-ip_access_policy_manager 11.5.1
f5/big-ip_access_policy_manager 11.5.2
f5/big-ip_access_policy_manager 11.5.3
f5/big-ip_access_policy_manager 11.5.4
f5/big-ip_access_policy_manager 11.6.0
f5/big-ip_access_policy_manager 11.6.1
f5/big-ip_access_policy_manager 12.0.0
f5/big-ip_access_policy_manager 12.1.0
f5/big-ip_access_policy_manager 12.1.1
f5/big-ip_access_policy_manager 12.1.2
... and 40 more
Published: Oct 20, 2017
Tracked Since: Feb 18, 2026