CVE-2017-6165

critical

Published 2017-10-20 · Modified 2026-05-13

CVSS v3

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2

5.0

VIR risk

9.8

Description

In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, and WebSafe 11.5.1 HF6 through 11.5.4 HF4, 11.6.0 through 11.6.1 HF1, and 12.0.0 through 12.1.2 on VIPRION platforms only, the script which synchronizes SafeNet External Network HSM configuration elements between blades in a clustered deployment will log the HSM partition password in cleartext to the "/var/log/ltm" log file.

Predictions

Exploit likelihood

97%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: f5sirt@f5.com — https://support.f5.com/csp/article/K74759095

Application impact

Vendor	Product	Versions
f5	big-ip_access_policy_manager	`11.5.1`
f5	big-ip_access_policy_manager	`11.5.2`
f5	big-ip_access_policy_manager	`11.5.3`
f5	big-ip_access_policy_manager	`11.5.4`
f5	big-ip_access_policy_manager	`11.6.0`
f5	big-ip_access_policy_manager	`11.6.1`
f5	big-ip_access_policy_manager	`12.0.0`
f5	big-ip_access_policy_manager	`12.1.0`
f5	big-ip_access_policy_manager	`12.1.1`
f5	big-ip_access_policy_manager	`12.1.2`
f5	big-ip_advanced_firewall_manager	`11.5.1`
f5	big-ip_advanced_firewall_manager	`11.5.2`
f5	big-ip_advanced_firewall_manager	`11.5.3`
f5	big-ip_advanced_firewall_manager	`11.5.4`
f5	big-ip_advanced_firewall_manager	`11.6.0`
f5	big-ip_advanced_firewall_manager	`11.6.1`
f5	big-ip_advanced_firewall_manager	`12.0.0`
f5	big-ip_advanced_firewall_manager	`12.1.0`
f5	big-ip_advanced_firewall_manager	`12.1.1`
f5	big-ip_advanced_firewall_manager	`12.1.2`
f5	big-ip_analytics	`11.5.1`
f5	big-ip_analytics	`11.5.2`
f5	big-ip_analytics	`11.5.3`
f5	big-ip_analytics	`11.5.4`
f5	big-ip_analytics	`11.6.0`
f5	big-ip_analytics	`11.6.1`
f5	big-ip_analytics	`12.0.0`
f5	big-ip_analytics	`12.1.0`
f5	big-ip_analytics	`12.1.1`
f5	big-ip_analytics	`12.2.0`
f5	big-ip_application_acceleration_manager	`11.5.1`
f5	big-ip_application_acceleration_manager	`11.5.2`
f5	big-ip_application_acceleration_manager	`11.5.3`
f5	big-ip_application_acceleration_manager	`11.5.4`
f5	big-ip_application_acceleration_manager	`11.6.0`
f5	big-ip_application_acceleration_manager	`11.6.1`
f5	big-ip_application_acceleration_manager	`12.0.0`
f5	big-ip_application_acceleration_manager	`12.1.0`
f5	big-ip_application_acceleration_manager	`12.1.1`
f5	big-ip_application_acceleration_manager	`12.1.2`
f5	big-ip_application_security_manager	`11.5.1`
f5	big-ip_application_security_manager	`11.5.2`
f5	big-ip_application_security_manager	`11.5.3`
f5	big-ip_application_security_manager	`11.5.4`
f5	big-ip_application_security_manager	`11.6.0`
f5	big-ip_application_security_manager	`11.6.1`
f5	big-ip_application_security_manager	`12.0.0`
f5	big-ip_application_security_manager	`12.1.0`
f5	big-ip_application_security_manager	`12.1.1`
f5	big-ip_application_security_manager	`12.1.2`
f5	big-ip_domain_name_system	`11.5.1`
f5	big-ip_domain_name_system	`11.5.2`
f5	big-ip_domain_name_system	`11.5.3`
f5	big-ip_domain_name_system	`11.5.4`
f5	big-ip_domain_name_system	`11.6.0`
f5	big-ip_domain_name_system	`11.6.1`
f5	big-ip_domain_name_system	`12.0.0`
f5	big-ip_domain_name_system	`12.1.0`
f5	big-ip_domain_name_system	`12.1.1`
f5	big-ip_domain_name_system	`12.1.2`
f5	big-ip_global_traffic_manager	`11.5.1`
f5	big-ip_global_traffic_manager	`11.5.2`
f5	big-ip_global_traffic_manager	`11.5.3`
f5	big-ip_global_traffic_manager	`11.5.4`
f5	big-ip_global_traffic_manager	`11.6.0`
f5	big-ip_global_traffic_manager	`11.6.1`
f5	big-ip_global_traffic_manager	`12.0.0`
f5	big-ip_global_traffic_manager	`12.1.0`
f5	big-ip_global_traffic_manager	`12.1.1`
f5	big-ip_global_traffic_manager	`12.1.2`
f5	big-ip_link_controller	`11.5.1`
f5	big-ip_link_controller	`11.5.2`
f5	big-ip_link_controller	`11.5.3`
f5	big-ip_link_controller	`11.5.4`
f5	big-ip_link_controller	`11.6.0`
f5	big-ip_link_controller	`11.6.1`
f5	big-ip_link_controller	`12.0.0`
f5	big-ip_link_controller	`12.1.0`
f5	big-ip_link_controller	`12.1.1`
f5	big-ip_link_controller	`12.1.2`
f5	big-ip_local_traffic_manager	`11.5.1`
f5	big-ip_local_traffic_manager	`11.5.2`
f5	big-ip_local_traffic_manager	`11.5.3`
f5	big-ip_local_traffic_manager	`11.5.4`
f5	big-ip_local_traffic_manager	`11.6.0`
f5	big-ip_local_traffic_manager	`11.6.1`
f5	big-ip_local_traffic_manager	`12.0.0`
f5	big-ip_local_traffic_manager	`12.1.0`
f5	big-ip_local_traffic_manager	`12.1.1`
f5	big-ip_local_traffic_manager	`12.1.2`
f5	big-ip_policy_enforcement_manager	`11.5.1`
f5	big-ip_policy_enforcement_manager	`11.5.2`
f5	big-ip_policy_enforcement_manager	`11.5.3`
f5	big-ip_policy_enforcement_manager	`11.5.4`
f5	big-ip_policy_enforcement_manager	`11.6.0`
f5	big-ip_policy_enforcement_manager	`11.6.1`
f5	big-ip_policy_enforcement_manager	`12.0.0`
f5	big-ip_policy_enforcement_manager	`12.1.0`
f5	big-ip_policy_enforcement_manager	`12.1.1`
f5	big-ip_policy_enforcement_manager	`12.1.2`
f5	big-ip_websafe	`11.5.1`
f5	big-ip_websafe	`11.5.2`
f5	big-ip_websafe	`11.5.3`
f5	big-ip_websafe	`11.5.4`
f5	big-ip_websafe	`11.6.0`
f5	big-ip_websafe	`11.6.1`
f5	big-ip_websafe	`12.0.0`
f5	big-ip_websafe	`12.1.0`
f5	big-ip_websafe	`12.1.1`
f5	big-ip_websafe	`12.1.2`

References

CWEs

CWE-532

Verify integrity in audit chain (admin only). AS-IS.