BIG-IP devices using NAT64 are vulnerable to an unauthenticated remote attack that may allow modification of the BIG-IP system configuration. (CVE-2016-5745)
F5 Technical Support has no additional information about this issue.
Impact
An unauthorized remote attack may allow modification or extraction of the BIG-IP system configuration files.
Note: This vulnerability was identified during an internal code audit, and there are no known exploits at this time.
CVSS v3.0 metrics for CVE-2016-5745
CVSS V3 score: 10.0 (base) / 8.7 (temporal)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Note: Due to details unique to CVE-2016-5745, we have included CVSS v3.0 metrics in this article. We have not included CVSS v3.0 metrics in Security Advisory articles published on AskF5 for other vulnerabilities.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip afm | eq | 11.4.0 | |
big-ip afm | eq | 11.4.1 | |
big-ip afm | eq | 11.5.0 | |
big-ip afm | eq | 11.5.1 | |
big-ip afm | eq | 11.5.2 | |
big-ip afm | eq | 11.5.3 | |
big-ip afm | eq | 11.5.4 | |
big-ip afm | eq | 11.6.0 | |
big-ip afm | eq | 11.6.1 | |
big-ip afm | eq | 12.0.0 |