BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system. (CVE-2016-5700)
F5 Technical Support has no additional information about this issue.
Impact
When this vulnerability is successfully exploited, a remote attacker may be able to modify the system configuration or extract sensitive system files.
CVSS v3.0 metrics for CVE-2016-5700
CVSS V3 score: 9.0 (base) / 7.8 (temporal)
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Note: Due to details unique to CVE-2016-5700, we have included CVSS v3.0 metrics in this article. We have not included CVSS v3.0 metrics in Security Advisory articles published on AskF5 for other vulnerabilities.
CPE
Name | Operator | Version |
---|---|---|
big-ip afm | eq | 11.4.0 |
big-ip afm | eq | 11.4.1 |
big-ip afm | eq | 11.5.0 |
big-ip afm | eq | 11.5.1 |
big-ip afm | eq | 11.5.2 |
big-ip afm | eq | 11.5.3 |
big-ip afm | eq | 11.5.4 |
big-ip afm | eq | 11.6.0 |
big-ip afm | eq | 11.6.1 |
big-ip afm | eq | 12.0.0 |