CVE-2016-5020

CWE-2643 documents3 sources

Severity

8.8HIGH

EPSS

1.8%

top 17.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +11 more

Timeline

PublishedJun 30

Latest updateMay 14

Description

F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages14 packages

▶NVDf5/big-ip_application_security_manager15 versions+14

▶NVDf5/big-ip_application_acceleration_manager11 versions+10

▶NVDf5/big-ip_analytics11 versions+10

▶NVDf5/big-ip_edge_gateway5 versions+4

▶NVDf5/big-ip_webaccelerator5 versions+4

🔴Vulnerability Details

GHSA

GHSA-hw2w-gq5m-r79r: F5 BIG-IP before 12↗2022-05-14

▶

CVEList

CVE-2016-5020: F5 BIG-IP before 12↗2016-06-30

▶