CVE-2016-1497

CWE-200 — Information Exposure8 documents5 sources

Severity

4.9MEDIUM

EPSS

0.2%

top 53.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

14

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +11 more

Timeline

PublishedAug 26

Latest updateMay 14

Description

The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4 HF2, 1.6.x before 11.6.1, and 12.0.0 before HF1 allows remote administrators to read Access Policy Manager (APM) access logs via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages14 packages

▶NVDf5/big-ip_access_policy_manager14 versions+13

▶NVDf5/big-ip_policy_enforcement_manager10 versions+9

▶NVDf5/big-ip_local_traffic_manager14 versions+13

▶NVDf5/big-ip_global_traffic_manager13 versions+12

▶NVDf5/big-ip_wan_optimization_manager5 versions+4

🔴Vulnerability Details

2

GHSA

GHSA-j8x7-22p2-7554: The Configuration utility in F5 BIG-IP systems 11↗2022-05-14

▶

CVEList

CVE-2016-1497: The Configuration utility in F5 BIG-IP systems 11↗2016-08-26

▶

💥Exploits & PoCs

5

Exploit-DB

HP Client 9.1/9.0/8.1/7.9 - Command Injection↗2016-10-10

▶

Metasploit

Microsoft Exchange ProxyLogon Collector↗

▶

Metasploit

Microsoft Exchange ProxyLogon Scanner↗

▶

Metasploit

Microsoft Exchange ProxyShell RCE↗

▶

Metasploit

Microsoft Exchange ProxyLogon RCE↗

▶

CVE-2016-1497 (MEDIUM CVSS 4.9) | The Configuration utility in F5 BIG | cvebase.io