Lucene search
HistoryMay 10, 2017 - 2:29 p.m.
CVE-2016-9250
f5
big-ip
cve-2016-9250
unauthorized access
file deletion
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
42.1%
In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.
Affected configurations
Node
f5big-ip_local_traffic_managerMatch11.2.1
ORf5big-ip_local_traffic_managerMatch11.4.0
ORf5big-ip_local_traffic_managerMatch11.4.1
ORf5big-ip_local_traffic_managerMatch11.5.0
ORf5big-ip_local_traffic_managerMatch11.5.1
ORf5big-ip_local_traffic_managerMatch11.5.2
ORf5big-ip_local_traffic_managerMatch11.5.3
ORf5big-ip_local_traffic_managerMatch11.5.4
ORf5big-ip_local_traffic_managerMatch11.6.0
ORf5big-ip_local_traffic_managerMatch11.6.1
ORf5big-ip_local_traffic_managerMatch12.0.0
ORf5big-ip_local_traffic_managerMatch12.1.0
ORf5big-ip_local_traffic_managerMatch12.1.1
ORf5big-ip_local_traffic_managerMatch12.1.2
Node
f5big-ip_application_acceleration_managerMatch11.4.0
ORf5big-ip_application_acceleration_managerMatch11.4.1
ORf5big-ip_application_acceleration_managerMatch11.5.0
ORf5big-ip_application_acceleration_managerMatch11.5.1
ORf5big-ip_application_acceleration_managerMatch11.5.2
ORf5big-ip_application_acceleration_managerMatch11.5.3
ORf5big-ip_application_acceleration_managerMatch11.5.4
ORf5big-ip_application_acceleration_managerMatch11.6.0
ORf5big-ip_application_acceleration_managerMatch11.6.1
ORf5big-ip_application_acceleration_managerMatch12.0.0
ORf5big-ip_application_acceleration_managerMatch12.1.0
ORf5big-ip_application_acceleration_managerMatch12.1.1
ORf5big-ip_application_acceleration_managerMatch12.1.2
Node
f5big-ip_advanced_firewall_managerMatch11.2.1
ORf5big-ip_advanced_firewall_managerMatch11.4.0
ORf5big-ip_advanced_firewall_managerMatch11.4.1
ORf5big-ip_advanced_firewall_managerMatch11.5.0
ORf5big-ip_advanced_firewall_managerMatch11.5.1
ORf5big-ip_advanced_firewall_managerMatch11.5.2
ORf5big-ip_advanced_firewall_managerMatch11.5.3
ORf5big-ip_advanced_firewall_managerMatch11.5.4
ORf5big-ip_advanced_firewall_managerMatch11.6.0
ORf5big-ip_advanced_firewall_managerMatch11.6.1
ORf5big-ip_advanced_firewall_managerMatch12.0.0
ORf5big-ip_advanced_firewall_managerMatch12.1.0
ORf5big-ip_advanced_firewall_managerMatch12.1.1
ORf5big-ip_advanced_firewall_managerMatch12.1.2
Node
f5big-ip_analyticsMatch11.2.1
ORf5big-ip_analyticsMatch11.4.0
ORf5big-ip_analyticsMatch11.4.1
ORf5big-ip_analyticsMatch11.5.0
ORf5big-ip_analyticsMatch11.5.1
ORf5big-ip_analyticsMatch11.5.2
ORf5big-ip_analyticsMatch11.5.3
ORf5big-ip_analyticsMatch11.5.4
ORf5big-ip_analyticsMatch11.6.0
ORf5big-ip_analyticsMatch11.6.1
ORf5big-ip_analyticsMatch12.0.0
ORf5big-ip_analyticsMatch12.1.0
ORf5big-ip_analyticsMatch12.1.1
ORf5big-ip_analyticsMatch12.1.2
Node
f5big-ip_access_policy_managerMatch11.2.1
ORf5big-ip_access_policy_managerMatch11.4.0
ORf5big-ip_access_policy_managerMatch11.4.1
ORf5big-ip_access_policy_managerMatch11.5.0
ORf5big-ip_access_policy_managerMatch11.5.1
ORf5big-ip_access_policy_managerMatch11.5.2
ORf5big-ip_access_policy_managerMatch11.5.3
ORf5big-ip_access_policy_managerMatch11.5.4
ORf5big-ip_access_policy_managerMatch11.6.0
ORf5big-ip_access_policy_managerMatch11.6.1
ORf5big-ip_access_policy_managerMatch12.0.0
ORf5big-ip_access_policy_managerMatch12.1.0
ORf5big-ip_access_policy_managerMatch12.1.1
ORf5big-ip_access_policy_managerMatch12.1.2
Node
f5big-ip_application_security_managerMatch11.2.1
ORf5big-ip_application_security_managerMatch11.4.0
ORf5big-ip_application_security_managerMatch11.4.1
ORf5big-ip_application_security_managerMatch11.5.0
ORf5big-ip_application_security_managerMatch11.5.1
ORf5big-ip_application_security_managerMatch11.5.2
ORf5big-ip_application_security_managerMatch11.5.3
ORf5big-ip_application_security_managerMatch11.5.4
ORf5big-ip_application_security_managerMatch11.6.0
ORf5big-ip_application_security_managerMatch11.6.1
ORf5big-ip_application_security_managerMatch12.0.0
ORf5big-ip_application_security_managerMatch12.1.0
ORf5big-ip_application_security_managerMatch12.1.1
ORf5big-ip_application_security_managerMatch12.1.2
Node
f5big-ip_domain_name_systemMatch12.0.0
ORf5big-ip_domain_name_systemMatch12.1.0
ORf5big-ip_domain_name_systemMatch12.1.1
ORf5big-ip_domain_name_systemMatch12.1.2
Node
f5big-ip_edge_gatewayMatch11.2.1
Node
f5big-ip_global_traffic_managerMatch11.2.1
ORf5big-ip_global_traffic_managerMatch11.4.0
ORf5big-ip_global_traffic_managerMatch11.4.1
ORf5big-ip_global_traffic_managerMatch11.5.0
ORf5big-ip_global_traffic_managerMatch11.5.1
ORf5big-ip_global_traffic_managerMatch11.5.2
ORf5big-ip_global_traffic_managerMatch11.5.3
ORf5big-ip_global_traffic_managerMatch11.5.4
ORf5big-ip_global_traffic_managerMatch11.6.0
ORf5big-ip_global_traffic_managerMatch11.6.1
Node
f5big-ip_link_controllerMatch11.2.1
ORf5big-ip_link_controllerMatch11.4.0
ORf5big-ip_link_controllerMatch11.4.1
ORf5big-ip_link_controllerMatch11.5.0
ORf5big-ip_link_controllerMatch11.5.1
ORf5big-ip_link_controllerMatch11.5.2
ORf5big-ip_link_controllerMatch11.5.3
ORf5big-ip_link_controllerMatch11.5.4
ORf5big-ip_link_controllerMatch11.6.0
ORf5big-ip_link_controllerMatch11.6.1
ORf5big-ip_link_controllerMatch12.0.0
ORf5big-ip_link_controllerMatch12.1.0
ORf5big-ip_link_controllerMatch12.1.1
ORf5big-ip_link_controllerMatch12.1.2
Node
f5big-ip_policy_enforcement_managerMatch11.4.0
ORf5big-ip_policy_enforcement_managerMatch11.4.1
ORf5big-ip_policy_enforcement_managerMatch11.5.0
ORf5big-ip_policy_enforcement_managerMatch11.5.1
ORf5big-ip_policy_enforcement_managerMatch11.5.2
ORf5big-ip_policy_enforcement_managerMatch11.5.3
ORf5big-ip_policy_enforcement_managerMatch11.5.4
ORf5big-ip_policy_enforcement_managerMatch11.6.0
ORf5big-ip_policy_enforcement_managerMatch11.6.1
ORf5big-ip_policy_enforcement_managerMatch12.0.0
ORf5big-ip_policy_enforcement_managerMatch12.1.0
ORf5big-ip_policy_enforcement_managerMatch12.1.1
ORf5big-ip_policy_enforcement_managerMatch12.1.2
Node
f5big-ip_protocol_security_moduleMatch11.4.0
ORf5big-ip_protocol_security_moduleMatch11.4.1
Node
f5big-ip_webacceleratorMatch11.2.1
Node
f5big-ip_websafeMatch11.6.0
ORf5big-ip_websafeMatch11.6.1
ORf5big-ip_websafeMatch12.0.0
ORf5big-ip_websafeMatch12.1.0
ORf5big-ip_websafeMatch12.1.1
ORf5big-ip_websafeMatch12.1.2
CNA Affected
[
{
"product": "BIG-IP",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "11.2.1"
},
{
"status": "affected",
"version": "11.4.0-11.6.1"
},
{
"status": "affected",
"version": "12.0.0-12.1.2"
}
]
}
]References
Related
nessus
nessus
F5 Networks BIG-IP : BIG-IP management vulnerability (K55792317)
2017-05-08 00:00:00
nvd
nvd
CVE-2016-9250
2017-05-10 14:29:00
f5
f5
K55792317 : BIG-IP management vulnerability CVE-2016-9250
2017-05-05 00:00:00
cvelist
cvelist
CVE-2016-9250
2017-05-10 14:00:00
prion
prion
Design/Logic Flaw
2017-05-10 14:29:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
42.1%
Related for CVE-2016-9250