CVE-2017-0305

F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature plus SNAT Auto Map option for egress traffic.

Published: Apr 6, 2017
Updated: Apr 13, 2023
CVE: CVE-2017-0305
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
f5 / ssl_intercept_iapp	1.5.7	1.5.7.x
f5 / ssl_intercept_iapp	1.5.0	1.5.0.x

https://support.f5.com/csp/article/K53244431

Vulnerability Database

289,697

CVE-2017-0305