CVE-2016-9256

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 12.1.0 through 12.1.2

Description The issue is related to a race condition that occurs when permissions enforced by iControl lag behind the actual permissions assigned to a user. This happens if the role map is not reloaded between the time the permissions are changed and the time of the user's next request. The condition occurs rarely in normal usage and is limited to a short period, typically a few seconds after the permission change.

Recommendations For F5 BIG-IP versions 12.1.0 through 12.1.2, consider reloading the role map after changing user permissions to prevent the race condition. As a temporary workaround, ensure that users do not make requests immediately after their permissions have been changed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.