CVE-2016-5700Improper Access Control in F5 Big-ip Access Policy Manager

CWE-284Improper Access Control4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
5.6%
top 9.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Application Acceleration Manager+5 more
Timeline
PublishedOct 3
Latest updateMay 17

Description

Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

NVDf5/big-ip_websafe4 versions+3
NVDf5/big-ip_link_controller9 versions+8

🔴Vulnerability Details

3
GHSA
GHSA-84v3-68gr-f8mf: Virtual servers in F5 BIG-IP systems 112022-05-17
CVEList
CVE-2016-5700: Virtual servers in F5 BIG-IP systems 112016-10-03
VulnCheck
F5 big-ip_policy_enforcement_manager Improper Access Control2016
CVE-2016-5700 — Improper Access Control in F5 | cvebase