PT-2016-5008 · F5+3 · F5 Big-Ip Apm+16

Published: 2016-04-13 · Updated: 2016-04-21 · CVE-2016-2084

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM versions 11.3.x through 11.4.1 before build 685-HF10
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM version 11.5.1 before build 10.104.180
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM version 11.5.2 before 11.5.4 build 0.1.256
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM version 11.6.0 before build 6.204.442
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM version 12.0.0 before build 1.14.628
F5 BIG-IP AAM versions 11.3.x through 11.4.1 before build 685-HF10
F5 BIG-IP AAM version 11.5.1 before build 10.104.180
F5 BIG-IP AAM version 11.5.2 before 11.5.4 build 0.1.256
F5 BIG-IP AAM version 11.6.0 before build 6.204.442
F5 BIG-IP AAM version 12.0.0 before build 1.14.628
F5 BIG-IP DNS version 12.0.0 before build 1.14.628
F5 BIG-IP Edge Gateway, WebAccelerator, and WOM version 11.3.0
F5 BIG-IP GTM versions 11.3.x through 11.4.1 before build 685-HF10
F5 BIG-IP GTM version 11.5.1 before build 10.104.180
F5 BIG-IP GTM version 11.5.2 before 11.5.4 build 0.1.256
F5 BIG-IP GTM version 11.6.0 before build 6.204.442
F5 BIG-IP PSM versions 11.3.x through 11.4.1 before build 685-HF10
F5 BIG-IQ Cloud, Device, and Security versions 4.2.0 through 4.5.0
F5 BIG-IQ ADC version 4.5.0

Description

The affected F5 BIG-IP products do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure, or Verizon cloud services environments. This issue allows attackers to obtain sensitive information or cause a denial of service by leveraging a target instance configuration.

Recommendations

For F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM versions 11.3.x through 11.4.1 before build 685-HF10, update to build 685-HF10 or later.
For F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM version 11.5.1 before build 10.104.180, update to build 10.104.180 or later.
For F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM version 11.5.2 before 11.5.4 build 0.1.256, update to 11.5.4 build 0.1.256 or later.
For F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM version 11.6.0 before build 6.204.442, update to build 6.204.442 or later.
For F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM version 12.0.0 before build 1.14.628, update to build 1.14.628 or later.
For F5 BIG-IP AAM versions 11.3.x through 11.4.1 before build 685-HF10, update to build 685-HF10 or later.
For F5 BIG-IP AAM version 11.5.1 before build 10.104.180, update to build 10.104.180 or later.
For F5 BIG-IP AAM version 11.5.2 before 11.5.4 build 0.1.256, update to 11.5.4 build 0.1.256 or later.
For F5 BIG-IP AAM version 11.6.0 before build 6.204.442, update to build 6.204.442 or later.
For F5 BIG-IP AAM version 12.0.0 before build 1.14.628, update to build 1.14.628 or later.
For F5 BIG-IP DNS version 12.0.0 before build 1.14.628, update to build 1.14.628 or later.
For F5 BIG-IP Edge Gateway, WebAccelerator, and WOM version 11.3.0, update to a version that properly regenerates certificates and keys.
For F5 BIG-IP GTM versions 11.3.x through 11.4.1 before build 685-HF10, update to build 685-HF10 or later.
For F5 BIG-IP GTM version 11.5.1 before build 10.104.180, update to build 10.104.180 or later.
For F5 BIG-IP GTM version 11.5.2 before 11.5.4 build 0.1.256, update to 11.5.4 build 0.1.256 or later.
For F5 BIG-IP GTM version 11.6.0 before build 6.204.442, update to build 6.204.442 or later.
For F5 BIG-IP PSM versions 11.3.x through 11.4.1 before build 685-HF10, update to build 685-HF10 or later.
For F5 BIG-IQ Cloud, Device, and Security versions 4.2.0 through 4.5.0, update to a version that properly regenerates certificates and keys.
For F5 BIG-IQ ADC version 4.5.0, update to a version that properly regenerates certificates and keys.

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2016-2084

Affected Products

Amazon Web Services
Azure
F5 Big-Ip Apm
F5 Big-Ip Analytics
F5 Big-Ip Dns
F5 Big-Ip Edge Gateway
F5 Big-Ip Gtm
F5 Big-Ip Ltm
F5 Big-Ip Link Controller
F5 Big-Ip Pem
F5 Big-Ip Wom
F5 Big-Ip Webaccelerator
F5 Big-Iq Adc
F5 Big-Iq Cloud
F5 Big-Iq Device
F5 Big-Iq Security
Verizon Cloud Services