PT-2017-10022 · F5 · F5 Big-Ip

Publicado

2017-05-10

Atualizado

2019-06-06

CVE-2016-9250

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 11.2.1, 11.4.0 through 11.6.1, 12.0.0 through 12.1.2

Description An issue exists where an unauthenticated user with access to the control plane may be able to delete arbitrary files. The exact mechanism of this issue is not disclosed.

Recommendations For versions 11.2.1, consider restricting access to the control plane to prevent unauthorized file deletion. For versions 11.4.0 through 11.6.1, restrict access to the control plane to minimize the risk of exploitation. For versions 12.0.0 through 12.1.2, limit access to the control plane until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2016-9250

Produtos afetados

F5 Big-Ip

PT-2017-10022 · F5 · F5 Big-Ip

CVE-2016-9250

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3