1. Home
  2. CVE Database
  3. CVE-2017-6131
CRITICAL · 9.8

CVE-2017-6131

In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. T...

Vulnerability Description

In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. The impacted administrative account is the Azure instance administrative user that was created at deployment. The root and admin accounts are not vulnerable. An attacker may be able to remotely access the BIG-IP host via SSH.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
F5Big-Ip Local Traffic Manager12.0.0
F5Big-Ip Application Acceleration Manager12.0.0
F5Big-Ip Advanced Firewall Manager12.0.0
F5Big-Ip Access Policy Manager12.0.0
F5Big-Ip Application Security Manager12.0.0
F5Big-Ip Domain Name System12.0.0
F5Big-Ip Link Controller12.0.0
F5Big-Ip Policy Enforcement Manager12.0.0
F5Big-Ip Websafe12.0.0

Related Weaknesses (CWE)

CWE-798

References

FAQ

What is CVE-2017-6131?

CVE-2017-6131 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and 13.0.0 Azure cloud instance may contain a default administrative password which could be used to remotely log into the BIG-IP system. T...

How severe is CVE-2017-6131?

CVE-2017-6131 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-6131?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Local Traffic Manager, F5 Big-Ip Application Acceleration Manager, F5 Big-Ip Advanced Firewall Manager, F5 Big-Ip Access Policy Manager, F5 Big-Ip Application Security Manager.