PT-2016-6222 · F5 · Big-Ip Apm+14
Published
2016-06-24
·
Updated
2016-08-18
·
CVE-2016-5021
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM versions 11.5.x through 11.5.3
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM versions 11.6.x through 11.6.0
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM versions 12.x through 12.0.0 before HF3
F5 BIG-IP DNS versions 12.x through 12.0.0 before HF3
F5 BIG-IP GTM versions 11.5.x through 11.5.3
F5 BIG-IP GTM versions 11.6.x through 11.6.0
F5 BIG-IQ Cloud and Security versions 4.0.0 through 4.5.0
F5 BIG-IQ Device versions 4.2.0 through 4.5.0
F5 BIG-IQ ADC version 4.5.0
F5 BIG-IQ Centralized Management version 4.6.0
F5 BIG-IQ Cloud and Orchestration version 1.0.0
Description
The iControl REST service allows remote authenticated administrators to obtain sensitive information via unspecified vectors.
Recommendations
For F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM versions 11.5.x through 11.5.3, update to version 11.5.4 or later.
For F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM versions 11.6.x through 11.6.0, update to version 11.6.1 or later.
For F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM versions 12.x through 12.0.0 before HF3, update to version 12.0.0 HF3 or later.
For F5 BIG-IP DNS versions 12.x through 12.0.0 before HF3, update to version 12.0.0 HF3 or later.
For F5 BIG-IP GTM versions 11.5.x through 11.5.3, update to version 11.5.4 or later.
For F5 BIG-IP GTM versions 11.6.x through 11.6.0, update to version 11.6.1 or later.
For F5 BIG-IQ Cloud and Security versions 4.0.0 through 4.5.0, update to a version later than 4.5.0.
For F5 BIG-IQ Device versions 4.2.0 through 4.5.0, update to a version later than 4.5.0.
For F5 BIG-IQ ADC version 4.5.0, update to a version later than 4.5.0.
For F5 BIG-IQ Centralized Management version 4.6.0, update to a version later than 4.6.0.
For F5 BIG-IQ Cloud and Orchestration version 1.0.0, update to a version later than 1.0.0.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Big-Ip Aam
Big-Ip Afm
Big-Ip Apm
Big-Ip Asm
Big-Ip Analytics
Big-Ip Dns
Big-Ip Gtm
Big-Ip Ltm
Big-Ip Link Controller
Big-Ip Pem
Big-Iq Adc
Big-Iq Centralized Management
Big-Iq Cloud/Orchestration
Big-Iq Cloud/Security
Big-Iq Device