F5 Networks BIG-IP : ConfigSync mcpd vulnerability (K62279530)
Low Nessus Plugin ID 104193
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionWhen configuration synchronization (ConfigSync) is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypt and authenticate connections to mcpd. (CVE-2017-6161)
This vulnerability may allow remote attackers to cause a denial-of-service (DoS) attack by way of resource exhaustion.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution K62279530.