Lucene search

K
cve[email protected]CVE-2016-5024
HistoryJan 03, 2017 - 9:59 p.m.

CVE-2016-5024

2017-01-0321:59:00
CWE-20
web.nvd.nist.gov
24
cve-2016-5024
f5
big-ip
denial of service
vulnerability
radius
irule

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

74.5%

Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic.

Affected configurations

NVD
Node
f5big-ip_local_traffic_managerMatch11.6.1
OR
f5big-ip_local_traffic_managerMatch12.1.0
OR
f5big-ip_local_traffic_managerMatch12.1.1
Node
f5big-ip_application_acceleration_managerMatch11.6.1
OR
f5big-ip_application_acceleration_managerMatch12.1.0
OR
f5big-ip_application_acceleration_managerMatch12.1.1
Node
f5big-ip_advanced_firewall_managerMatch11.6.1
OR
f5big-ip_advanced_firewall_managerMatch12.1.0
OR
f5big-ip_advanced_firewall_managerMatch12.1.1
Node
f5big-ip_analyticsMatch11.6.1
OR
f5big-ip_analyticsMatch12.1.0
OR
f5big-ip_analyticsMatch12.1.1
Node
f5big-ip_access_policy_managerMatch11.6.1
OR
f5big-ip_access_policy_managerMatch12.1.0
OR
f5big-ip_access_policy_managerMatch12.1.1
Node
f5big-ip_application_security_managerMatch11.6.1
OR
f5big-ip_application_security_managerMatch12.1.0
OR
f5big-ip_application_security_managerMatch12.1.1
Node
f5big-ip_domain_name_systemMatch12.1.0
OR
f5big-ip_domain_name_systemMatch12.1.1
Node
f5big-ip_global_traffic_managerMatch11.6.1
Node
f5big-ip_link_controllerMatch11.6.1
OR
f5big-ip_link_controllerMatch12.1.0
OR
f5big-ip_link_controllerMatch12.1.1
Node
f5big-ip_policy_enforcement_managerMatch11.6.1
OR
f5big-ip_policy_enforcement_managerMatch12.1.0
OR
f5big-ip_policy_enforcement_managerMatch12.1.1

CNA Affected

[
  {
    "product": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM",
    "vendor": "F5 Networks",
    "versions": [
      {
        "status": "affected",
        "version": "11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2"
      }
    ]
  }
]

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.004 Low

EPSS

Percentile

74.5%

Related for CVE-2016-5024