PT-2016-6648 · F5 · F5 Big-Ip
Published: 2016-10-03 · Updated: 2016-11-28 · CVE-2016-5700
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP systems versions 11.5.0 through 11.5.4 before HF2
F5 BIG-IP systems versions 11.6.0 through 11.6.1 before HF1
F5 BIG-IP systems versions 12.0.0 through 12.1.0 before HF2
Description
The issue allows remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors when the HTTP Explicit Proxy functionality or SOCKS profile is configured.
Recommendations
For versions 11.5.0 through 11.5.4 before HF2, apply the HF11 or HF2 hotfix to resolve the issue.
For versions 11.6.0 through 11.6.1 before HF1, apply the HF8 or HF1 hotfix to resolve the issue.
For versions 12.0.0 through 12.1.0 before HF2, apply the HF4 or HF2 hotfix to resolve the issue.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
F5 Big-Ip