PT-2016-6221 · F5 · F5 Big-Ip

Published

2016-06-30

Updated

2019-06-06

CVE-2016-5020

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 12.0.0 HF3

Description The issue allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.

Recommendations For versions prior to 12.0.0 HF3, update to version 12.0.0 HF3 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2016-5020

Affected Products

F5 Big-Ip

PT-2016-6221 · F5 · F5 Big-Ip

CVE-2016-5020

Weakness Enumeration

Related Identifiers

Affected Products

References · 5