PT-2017-10022 · F5 · F5 Big-Ip

Published

2017-05-10

Updated

2019-06-06

CVE-2016-9250

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 11.2.1, 11.4.0 through 11.6.1, 12.0.0 through 12.1.2

Description An issue exists where an unauthenticated user with access to the control plane may be able to delete arbitrary files. The exact mechanism of this issue is not disclosed.

Recommendations For versions 11.2.1, consider restricting access to the control plane to prevent unauthorized file deletion. For versions 11.4.0 through 11.6.1, restrict access to the control plane to minimize the risk of exploitation. For versions 12.0.0 through 12.1.2, limit access to the control plane until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2016-9250

Affected Products

F5 Big-Ip

PT-2017-10022 · F5 · F5 Big-Ip

CVE-2016-9250

Weakness Enumeration

Related Identifiers

Affected Products

References · 3