PT-2016-6648 · F5 · F5 Big-Ip
Published: 2016-10-03 · Updated: 2016-11-28 · CVE-2016-5700
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP systems versions 11.5.0 through 11.5.4 before HF2
F5 BIG-IP systems versions 11.6.0 through 11.6.1 before HF1
F5 BIG-IP systems versions 12.0.0 through 12.1.0 before HF2
Description
The issue allows remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors when the HTTP Explicit Proxy functionality or SOCKS profile is configured.
Recommendations
For versions 11.5.0 through 11.5.4 before HF2, apply the HF11 or HF2 hotfix to resolve the issue.
For versions 11.6.0 through 11.6.1 before HF1, apply the HF8 or HF1 hotfix to resolve the issue.
For versions 12.0.0 through 12.1.0 before HF2, apply the HF4 or HF2 hotfix to resolve the issue.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
F5 Big-Ip