Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-5700

Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors.

Published

2016-10-03T16:09:13.790

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-284

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	f5	big-ip_policy_enforcement_manager	11.5.0	Yes
Application	f5	big-ip_policy_enforcement_manager	11.5.1	Yes
Application	f5	big-ip_policy_enforcement_manager	11.5.2	Yes
Application	f5	big-ip_policy_enforcement_manager	11.5.3	Yes
Application	f5	big-ip_policy_enforcement_manager	11.5.4	Yes
Application	f5	big-ip_policy_enforcement_manager	11.6.0	Yes
Application	f5	big-ip_policy_enforcement_manager	11.6.1	Yes
Application	f5	big-ip_policy_enforcement_manager	12.0.0	Yes
Application	f5	big-ip_policy_enforcement_manager	12.1.0	Yes
Application	f5	big-ip_local_traffic_manager	11.5.0	Yes
Application	f5	big-ip_local_traffic_manager	11.5.1	Yes
Application	f5	big-ip_local_traffic_manager	11.5.2	Yes
Application	f5	big-ip_local_traffic_manager	11.5.3	Yes
Application	f5	big-ip_local_traffic_manager	11.5.4	Yes
Application	f5	big-ip_local_traffic_manager	11.6.0	Yes
Application	f5	big-ip_local_traffic_manager	11.6.1	Yes
Application	f5	big-ip_local_traffic_manager	12.0.0	Yes
Application	f5	big-ip_local_traffic_manager	12.1.0	Yes
Application	f5	big-ip_websafe	11.6.0	Yes
Application	f5	big-ip_websafe	11.6.1	Yes
Application	f5	big-ip_websafe	12.0.0	Yes
Application	f5	big-ip_websafe	12.1.0	Yes
Application	f5	big-ip_link_controller	11.5.0	Yes
Application	f5	big-ip_link_controller	11.5.1	Yes
Application	f5	big-ip_link_controller	11.5.2	Yes
Application	f5	big-ip_link_controller	11.5.3	Yes
Application	f5	big-ip_link_controller	11.5.4	Yes
Application	f5	big-ip_link_controller	11.6.0	Yes
Application	f5	big-ip_link_controller	11.6.1	Yes
Application	f5	big-ip_link_controller	12.0.0	Yes
Application	f5	big-ip_link_controller	12.1.0	Yes
Application	f5	big-ip_application_acceleration_manager	11.5.0	Yes
Application	f5	big-ip_application_acceleration_manager	11.5.1	Yes
Application	f5	big-ip_application_acceleration_manager	11.5.2	Yes
Application	f5	big-ip_application_acceleration_manager	11.5.3	Yes
Application	f5	big-ip_application_acceleration_manager	11.5.4	Yes
Application	f5	big-ip_application_acceleration_manager	11.6.0	Yes
Application	f5	big-ip_application_acceleration_manager	11.6.1	Yes
Application	f5	big-ip_application_acceleration_manager	12.0.0	Yes
Application	f5	big-ip_application_acceleration_manager	12.1.0	Yes
Application	f5	big-ip_access_policy_manager	11.5.0	Yes
Application	f5	big-ip_access_policy_manager	11.5.1	Yes
Application	f5	big-ip_access_policy_manager	11.5.2	Yes
Application	f5	big-ip_access_policy_manager	11.5.3	Yes
Application	f5	big-ip_access_policy_manager	11.5.4	Yes
Application	f5	big-ip_access_policy_manager	11.6.0	Yes
Application	f5	big-ip_access_policy_manager	11.6.1	Yes
Application	f5	big-ip_access_policy_manager	12.0.0	Yes
Application	f5	big-ip_access_policy_manager	12.1.0	Yes
Application	f5	big-ip_advanced_firewall_manager	11.5.0	Yes
Application	f5	big-ip_advanced_firewall_manager	11.5.1	Yes
Application	f5	big-ip_advanced_firewall_manager	11.5.2	Yes
Application	f5	big-ip_advanced_firewall_manager	11.5.3	Yes
Application	f5	big-ip_advanced_firewall_manager	11.5.4	Yes
Application	f5	big-ip_advanced_firewall_manager	11.6.0	Yes
Application	f5	big-ip_advanced_firewall_manager	11.6.1	Yes
Application	f5	big-ip_advanced_firewall_manager	12.0.0	Yes
Application	f5	big-ip_advanced_firewall_manager	12.1.0	Yes
Application	f5	big-ip_application_security_manager	11.5.0	Yes
Application	f5	big-ip_application_security_manager	11.5.1	Yes
Application	f5	big-ip_application_security_manager	11.5.2	Yes
Application	f5	big-ip_application_security_manager	11.5.3	Yes
Application	f5	big-ip_application_security_manager	11.5.4	Yes
Application	f5	big-ip_application_security_manager	11.6.0	Yes
Application	f5	big-ip_application_security_manager	11.6.1	Yes
Application	f5	big-ip_application_security_manager	12.0.0	Yes
Application	f5	big-ip_application_security_manager	12.1.0	Yes

References

http://www.securityfocus.com/bid/93325 ([email protected])
http://www.securitytracker.com/id/1036928 Third Party Advisory, VDB Entry ([email protected])
https://support.f5.com/kb/en-us/solutions/public/k/35/sol35520031.html Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/93325 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1036928 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://support.f5.com/kb/en-us/solutions/public/k/35/sol35520031.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)