Lucene search
HistoryMar 27, 2017 - 3:59 p.m.
CVE-2016-7474
f5
big-ip
vulnerability
mcpd binary cache
advanced shell access
qkview
unauthorized access
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.7 Medium
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
20.0%
In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.
Affected configurations
Node
f5big-ip_local_traffic_managerMatch11.2.1
ORf5big-ip_local_traffic_managerMatch11.4.0
ORf5big-ip_local_traffic_managerMatch11.4.1
ORf5big-ip_local_traffic_managerMatch11.5.0
ORf5big-ip_local_traffic_managerMatch11.5.1
ORf5big-ip_local_traffic_managerMatch11.5.2
ORf5big-ip_local_traffic_managerMatch11.5.3
ORf5big-ip_local_traffic_managerMatch11.5.4
ORf5big-ip_local_traffic_managerMatch11.6.0
ORf5big-ip_local_traffic_managerMatch11.6.1
ORf5big-ip_local_traffic_managerMatch12.0.0
ORf5big-ip_local_traffic_managerMatch12.1.0
ORf5big-ip_local_traffic_managerMatch12.1.1
Node
f5big-ip_application_acceleration_managerMatch11.4.0
ORf5big-ip_application_acceleration_managerMatch11.4.1
ORf5big-ip_application_acceleration_managerMatch11.5.0
ORf5big-ip_application_acceleration_managerMatch11.5.1
ORf5big-ip_application_acceleration_managerMatch11.5.2
ORf5big-ip_application_acceleration_managerMatch11.5.3
ORf5big-ip_application_acceleration_managerMatch11.5.4
ORf5big-ip_application_acceleration_managerMatch11.6.0
ORf5big-ip_application_acceleration_managerMatch11.6.1
ORf5big-ip_application_acceleration_managerMatch12.0.0
ORf5big-ip_application_acceleration_managerMatch12.1.0
ORf5big-ip_application_acceleration_managerMatch12.1.1
Node
f5big-ip_advanced_firewall_managerMatch11.4.0
ORf5big-ip_advanced_firewall_managerMatch11.4.1
ORf5big-ip_advanced_firewall_managerMatch11.5.0
ORf5big-ip_advanced_firewall_managerMatch11.5.1
ORf5big-ip_advanced_firewall_managerMatch11.5.2
ORf5big-ip_advanced_firewall_managerMatch11.5.3
ORf5big-ip_advanced_firewall_managerMatch11.5.4
ORf5big-ip_advanced_firewall_managerMatch11.6.0
ORf5big-ip_advanced_firewall_managerMatch11.6.1
ORf5big-ip_advanced_firewall_managerMatch12.0.0
ORf5big-ip_advanced_firewall_managerMatch12.1.0
ORf5big-ip_advanced_firewall_managerMatch12.1.1
Node
f5big-ip_analyticsMatch11.2.1
ORf5big-ip_analyticsMatch11.4.0
ORf5big-ip_analyticsMatch11.4.1
ORf5big-ip_analyticsMatch11.5.0
ORf5big-ip_analyticsMatch11.5.1
ORf5big-ip_analyticsMatch11.5.2
ORf5big-ip_analyticsMatch11.5.3
ORf5big-ip_analyticsMatch11.5.4
ORf5big-ip_analyticsMatch11.6.0
ORf5big-ip_analyticsMatch11.6.1
ORf5big-ip_analyticsMatch12.0.0
ORf5big-ip_analyticsMatch12.1.0
ORf5big-ip_analyticsMatch12.1.1
Node
f5big-ip_access_policy_managerMatch11.2.1
ORf5big-ip_access_policy_managerMatch11.4.0
ORf5big-ip_access_policy_managerMatch11.4.1
ORf5big-ip_access_policy_managerMatch11.5.0
ORf5big-ip_access_policy_managerMatch11.5.1
ORf5big-ip_access_policy_managerMatch11.5.2
ORf5big-ip_access_policy_managerMatch11.5.3
ORf5big-ip_access_policy_managerMatch11.5.4
ORf5big-ip_access_policy_managerMatch11.6.0
ORf5big-ip_access_policy_managerMatch11.6.1
ORf5big-ip_access_policy_managerMatch12.0.0
ORf5big-ip_access_policy_managerMatch12.1.0
ORf5big-ip_access_policy_managerMatch12.1.1
Node
f5big-ip_application_security_managerMatch11.2.1
ORf5big-ip_application_security_managerMatch11.4.0
ORf5big-ip_application_security_managerMatch11.4.1
ORf5big-ip_application_security_managerMatch11.5.0
ORf5big-ip_application_security_managerMatch11.5.1
ORf5big-ip_application_security_managerMatch11.5.2
ORf5big-ip_application_security_managerMatch11.5.3
ORf5big-ip_application_security_managerMatch11.5.4
ORf5big-ip_application_security_managerMatch11.6.0
ORf5big-ip_application_security_managerMatch11.6.1
ORf5big-ip_application_security_managerMatch12.0.0
ORf5big-ip_application_security_managerMatch12.1.0
ORf5big-ip_application_security_managerMatch12.1.1
Node
f5big-ip_domain_name_systemMatch12.0.0
ORf5big-ip_domain_name_systemMatch12.1.0
ORf5big-ip_domain_name_systemMatch12.1.1
Node
f5big-ip_link_controllerMatch11.2.1
ORf5big-ip_link_controllerMatch11.4.0
ORf5big-ip_link_controllerMatch11.4.1
ORf5big-ip_link_controllerMatch11.5.0
ORf5big-ip_link_controllerMatch11.5.1
ORf5big-ip_link_controllerMatch11.5.2
ORf5big-ip_link_controllerMatch11.5.3
ORf5big-ip_link_controllerMatch11.5.4
ORf5big-ip_link_controllerMatch11.6.0
ORf5big-ip_link_controllerMatch11.6.1
ORf5big-ip_link_controllerMatch12.0.0
ORf5big-ip_link_controllerMatch12.1.0
ORf5big-ip_link_controllerMatch12.1.1
Node
f5big-ip_policy_enforcement_managerMatch11.4.0
ORf5big-ip_policy_enforcement_managerMatch11.4.1
ORf5big-ip_policy_enforcement_managerMatch11.5.0
ORf5big-ip_policy_enforcement_managerMatch11.5.1
ORf5big-ip_policy_enforcement_managerMatch11.5.2
ORf5big-ip_policy_enforcement_managerMatch11.5.3
ORf5big-ip_policy_enforcement_managerMatch11.5.4
ORf5big-ip_policy_enforcement_managerMatch11.6.0
ORf5big-ip_policy_enforcement_managerMatch11.6.1
ORf5big-ip_policy_enforcement_managerMatch12.0.0
ORf5big-ip_policy_enforcement_managerMatch12.1.0
ORf5big-ip_policy_enforcement_managerMatch12.1.1
Node
f5big-ip_websafeMatch11.6.0
ORf5big-ip_websafeMatch11.6.1
ORf5big-ip_websafeMatch12.0.0
ORf5big-ip_websafeMatch12.1.0
ORf5big-ip_websafeMatch12.1.1
Node
f5big-ip_edge_gatewayMatch11.2.1
Node
f5big-ip_global_traffic_managerMatch11.2.1
ORf5big-ip_global_traffic_managerMatch11.4.0
ORf5big-ip_global_traffic_managerMatch11.4.1
ORf5big-ip_global_traffic_managerMatch11.5.0
ORf5big-ip_global_traffic_managerMatch11.5.1
ORf5big-ip_global_traffic_managerMatch11.5.2
ORf5big-ip_global_traffic_managerMatch11.5.3
ORf5big-ip_global_traffic_managerMatch11.5.4
ORf5big-ip_global_traffic_managerMatch11.6.0
ORf5big-ip_global_traffic_managerMatch11.6.1
Node
f5big-ip_protocol_security_moduleMatch11.4.0
ORf5big-ip_protocol_security_moduleMatch11.4.1
Node
f5big-ip_webacceleratorMatch11.2.1
CNA Affected
[
{
"product": "F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM",
"vendor": "F5 Networks",
"versions": [
{
"status": "affected",
"version": "10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.2.1, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1"
}
]
}
]Related
nvd
nvd
CVE-2016-7474
2017-03-27 15:59:00
prion
prion
Information disclosure
2017-03-27 15:59:00
f5
f5
K52180214 : MCPD vulnerability CVE-2016-7474
2017-03-24 00:00:00
nessus
nessus
F5 Networks BIG-IP : MCPD vulnerability (K52180214)
2017-03-28 00:00:00
cvelist
cvelist
CVE-2016-7474
2017-03-27 15:00:00
openvas
openvas
F5 BIG-IP - MCPD vulnerability CVE-2016-7474
2017-03-27 00:00:00
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.7 Medium
AI Score
Confidence
High
2.1 Low
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
20.0%
Related for CVE-2016-7474