K35520031 : BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700

2016-09-2800:00:00

my.f5.com

9.5 High

AI Score

Confidence

High

0.054 Low

EPSS

Percentile

93.2%

JSON

Security Advisory Description

BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system. (CVE-2016-5700)
F5 Technical Support has no additional information about this issue.
Impact
When this vulnerability is successfully exploited, a remote attacker may be able to modify the system configuration or extract sensitive system files.
CVSS v3.0 metrics for CVE-2016-5700
CVSS V3 score: 9.0 (base) / 7.8 (temporal)
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Note: Due to details unique to CVE-2016-5700, we have included CVSS v3.0 metrics in this article. We have not included CVSS v3.0 metrics in Security Advisory articles published on AskF5 for other vulnerabilities.

CPENameOperatorVersion
big-ip afmeq11.4.0
big-ip afmeq11.4.1
big-ip afmeq11.5.0
big-ip afmeq11.5.1
big-ip afmeq11.5.2
big-ip afmeq11.5.3
big-ip afmeq11.5.4
big-ip afmeq11.6.0
big-ip afmeq11.6.1
big-ip afmeq12.0.0

Name	Operator	Version
big-ip afm	eq	11.4.0
big-ip afm	eq	11.4.1
big-ip afm	eq	11.5.0
big-ip afm	eq	11.5.1
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3
big-ip afm	eq	11.5.4
big-ip afm	eq	11.6.0
big-ip afm	eq	11.6.1
big-ip afm	eq	12.0.0

Rows per page:

1-10 of 1771