CVE-2016-4545 — Improper Input Validation in F5 Big-ip Global Traffic Manager

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.5HIGHNVD

EPSS

1.2%

top 21.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +6 more

Timeline

PublishedJun 7

Latest updateMay 17

Description

Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, allow remote attackers to cause a denial of service (resource consumption and Traffic Management Microkernel restart) via an SSL alert during the handshake.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

▶NVDf5/big-ip_local_traffic_manager11.5.4

▶NVDf5/big-ip_global_traffic_manager11.5.4

▶NVDf5/big-ip_analytics11.5.4

▶NVDf5/big-ip_link_controller11.5.4

▶NVDf5/big-ip_access_policy_manager11.5.4

🔴Vulnerability Details

GHSA

GHSA-r45x-6833-9cg3: Virtual servers in F5 BIG-IP 11↗2022-05-17

▶

CVEList

CVE-2016-4545: Virtual servers in F5 BIG-IP 11↗2016-06-07

▶