Details of VAR-201705-3520

ID

VAR-201705-3520

CVE

CVE-2016-9250

TITLE

plural F5 BIG-IP Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2016-008581

DESCRIPTION

In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism. plural F5 BIG-IP The product contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. Multiple F5 BIG-IP Products are prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. An attacker could exploit this vulnerability to delete arbitrary files. The following versions are affected: F5 BIG-IP Version 11.2.1, Version 11.4.0 to Version 11.6.1, Version 12.0.0 to Version 12.1.2

Trust: 1.98

sources: NVD: CVE-2016-9250 // JVNDB: JVNDB-2016-008581 // BID: 98478 // VULHUB: VHN-98070

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.2.1	Trust: 1.9
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.1	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.2	Trust: 1.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.2	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.4	Trust: 1.6
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4.1	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.3	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.1	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.6.0	Trust: 1.6
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.1	Trust: 1.6
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.2.1	Trust: 1.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.2.1	Trust: 1.3
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.2.1	Trust: 1.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.0	Trust: 1.3
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.1.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip domain name system	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip websafe	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	big-ip websafe hf1	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip webaccelerator hf15	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip psm	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf15	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf15	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip gtm hf15	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip gtm	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip edge gateway hf15	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip dns hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip asm hf15	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.4.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf5	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf15	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	eq	version:	11.4.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip websafe hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip pem	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip pem hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip pem hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip pem hf3	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf3	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip link controller	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip link controller hf3	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip gtm hf3	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip dns	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip dns hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip asm hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip asm hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip asm hf3	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip apm	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip apm hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip apm hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip apm hf3	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip analytics	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip analytics hf3	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip afm	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip afm hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip afm hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip afm hf3	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip aam	scope:	ne	version:	13.0	Trust: 0.3
vendor:	f5	model:	big-ip aam hf1	scope:	ne	version:	12.1.2	Trust: 0.3
vendor:	f5	model:	big-ip aam hf2	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip aam hf3	scope:	ne	version:	11.5.4	Trust: 0.3

sources: BID: 98478 // JVNDB: JVNDB-2016-008581 // CNNVD: CNNVD-201705-558 // NVD: CVE-2016-9250

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-9250
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-9250
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201705-558
value:	HIGH
Trust: 0.6
VULHUB:	VHN-98070
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-9250
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-98070
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-9250
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-98070 // JVNDB: JVNDB-2016-008581 // CNNVD: CNNVD-201705-558 // NVD: CVE-2016-9250

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-98070 // JVNDB: JVNDB-2016-008581 // NVD: CVE-2016-9250

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-558

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201705-558

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-008581

PATCH

title:	K55792317: BIG-IP management vulnerability CVE-2016-9250	url:	https://support.f5.com/csp/article/K55792317	Trust: 0.8
title:	F5 BIG-IP Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70059	Trust: 0.6

sources: JVNDB: JVNDB-2016-008581 // CNNVD: CNNVD-201705-558

EXTERNAL IDS

db:	NVD	id:	CVE-2016-9250	Trust: 2.8
db:	JVNDB	id:	JVNDB-2016-008581	Trust: 0.8
db:	CNNVD	id:	CNNVD-201705-558	Trust: 0.7
db:	BID	id:	98478	Trust: 0.4
db:	VULHUB	id:	VHN-98070	Trust: 0.1

sources: VULHUB: VHN-98070 // BID: 98478 // JVNDB: JVNDB-2016-008581 // CNNVD: CNNVD-201705-558 // NVD: CVE-2016-9250

REFERENCES

url:	https://support.f5.com/csp/article/k55792317	Trust: 2.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9250	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9250	Trust: 0.8
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: VULHUB: VHN-98070 // BID: 98478 // JVNDB: JVNDB-2016-008581 // CNNVD: CNNVD-201705-558 // NVD: CVE-2016-9250

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 98478

SOURCES

db:	VULHUB	id:	VHN-98070
db:	BID	id:	98478
db:	JVNDB	id:	JVNDB-2016-008581
db:	CNNVD	id:	CNNVD-201705-558
db:	NVD	id:	CVE-2016-9250

LAST UPDATE DATE

2024-11-23T21:54:06.194000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-98070	date:	2019-06-06T00:00:00
db:	BID	id:	98478	date:	2017-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2016-008581	date:	2017-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201705-558	date:	2019-06-10T00:00:00
db:	NVD	id:	CVE-2016-9250	date:	2024-11-21T03:00:51.030

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-98070	date:	2017-05-10T00:00:00
db:	BID	id:	98478	date:	2017-05-16T00:00:00
db:	JVNDB	id:	JVNDB-2016-008581	date:	2017-06-13T00:00:00
db:	CNNVD	id:	CNNVD-201705-558	date:	2017-05-11T00:00:00
db:	NVD	id:	CVE-2016-9250	date:	2017-05-10T14:29:00.627