CVE-2017-0305
First published: Thu Apr 06 2017(Updated: )
F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 SSL Intercept iApp | =1.5.0 | |
| F5 SSL Intercept iApp | =1.5.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-0305?
CVE-2017-0305 has been assigned a severity level that indicates a high risk due to potential remote exploitation and critical system impact.
How do I fix CVE-2017-0305?
To fix CVE-2017-0305, upgrade the F5 SSL Intercept iApp to a version above 1.5.7 where the vulnerability is patched.
What versions of F5 SSL Intercept iApp are affected by CVE-2017-0305?
CVE-2017-0305 affects F5 SSL Intercept iApp versions 1.5.0 through 1.5.7.
What kind of attacks can CVE-2017-0305 enable?
CVE-2017-0305 can enable unauthenticated remote attacks that may allow modification of configurations, extraction of sensitive files, and remote command execution.
Is authentication required to exploit CVE-2017-0305?
No, CVE-2017-0305 can be exploited without authentication.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/f5
- canonical/f5 ssl intercept iapp
- version/f5 ssl intercept iapp/1.5.0
- version/f5 ssl intercept iapp/1.5.7