F5 BIG-IP Policy Enforcement Manager URL Categorization Denial of Service Vulnerability
A vulnerability in F5 BIG-IP could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability is in the Policy Enforcement Manager (PEM) and is due to insufficient validation of user-supplied input by the affected system. An attacker could exploit this vulnerability by submitting a crafted URL to a targeted system. A successful exploit could cause the system to stop functioning, resulting in a DoS condition on the system.
F5 Networks has confirmed the vulnerability and released software updates.
CVE Number – CVE-2017-6169
-
To exploit this vulnerability, an attacker must submit a crafted URL to the targeted system, making exploitation more difficult in environments that restrict network access from untrusted sources.
-
Administrators are advised to apply the appropriate updates.
Users should verify that unsolicited links are safe to follow.
Administrators are advised to monitor affected systems.
-
F5 Networks has released a security advisory at the following link: K31404801
-
-
F5 Networks customers are advised to upgrade to a software version that is not vulnerable, as described in the F5 Networks security advisory. Software updates are available for registered customers at the following link: F5 Networks
-
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.