Lucene search

[email protected]CVE-2016-5024

HistoryJan 03, 2017 - 9:59 p.m.

CVE-2016-5024

2017-01-0321:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2016-5024

big-ip

denial of service

vulnerability

radius

irule

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

74.5%

JSON

Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic.

Affected configurations

NVD

Node

f5big-ip_local_traffic_managerMatch11.6.1

f5big-ip_local_traffic_managerMatch12.1.0

f5big-ip_local_traffic_managerMatch12.1.1

Node

f5big-ip_application_acceleration_managerMatch11.6.1

f5big-ip_application_acceleration_managerMatch12.1.0

f5big-ip_application_acceleration_managerMatch12.1.1

Node

f5big-ip_advanced_firewall_managerMatch11.6.1

f5big-ip_advanced_firewall_managerMatch12.1.0

f5big-ip_advanced_firewall_managerMatch12.1.1

Node

f5big-ip_analyticsMatch11.6.1

f5big-ip_analyticsMatch12.1.0

f5big-ip_analyticsMatch12.1.1

Node

f5big-ip_access_policy_managerMatch11.6.1

f5big-ip_access_policy_managerMatch12.1.0

f5big-ip_access_policy_managerMatch12.1.1

Node

f5big-ip_application_security_managerMatch11.6.1

f5big-ip_application_security_managerMatch12.1.0

f5big-ip_application_security_managerMatch12.1.1

Node

f5big-ip_domain_name_systemMatch12.1.0

f5big-ip_domain_name_systemMatch12.1.1

Node

f5big-ip_global_traffic_managerMatch11.6.1

Node

f5big-ip_link_controllerMatch11.6.1

f5big-ip_link_controllerMatch12.1.0

f5big-ip_link_controllerMatch12.1.1

Node

f5big-ip_policy_enforcement_managerMatch11.6.1

f5big-ip_policy_enforcement_managerMatch12.1.0

f5big-ip_policy_enforcement_managerMatch12.1.1

CPENameOperatorVersion
f5:big-ip_local_traffic_managerf5 big-ip local traffic managereq11.6.1
f5:big-ip_local_traffic_managerf5 big-ip local traffic managereq12.1.0
f5:big-ip_local_traffic_managerf5 big-ip local traffic managereq12.1.1

CPE	Name	Operator	Version
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	eq	11.6.1
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	eq	12.1.0
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	eq	12.1.1

CNA Affected

[
  {
    "product": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM",
    "vendor": "F5 Networks",
    "versions": [
      {
        "status": "affected",
        "version": "11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2"
      }
    ]
  }
]

References

www.securityfocus.com/bid/95228

www.securitytracker.com/id/1037510

support.f5.com/csp/#/article/K92859602

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

74.5%

JSON

Related for CVE-2016-5024

prion1 f51 cvelist1 openvas1 nvd1