CVE-2016-5736

CWE-284 — Improper Access Control5 documents4 sources

Severity

7.5HIGH

EPSS

1.1%

top 21.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +12 more

Timeline

PublishedAug 19

Latest updateMay 14

Description

The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF2; BIG-IP DNS 12.x before 12.0.0 HF2; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.1 before HF16; BIG-IP GTM 11.2.1 before HF16, 11.4.x, 11.5.x before 11.5.4 HF2, and 11…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages15 packages

▶NVDf5/big-ip_edge_gateway11.2.1

▶NVDf5/big-ip_link_controller10 versions+9

▶NVDf5/big-ip_analytics10 versions+9

▶NVDf5/big-ip_webaccelerator11.2.1

▶NVDf5/big-ip_policy_enforcement_manager9 versions+8

🔴Vulnerability Details

GHSA

GHSA-82jp-wmcw-6247: The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11↗2022-05-14

▶

CVEList

CVE-2016-5736: The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11↗2016-08-19

▶

💥Exploits & PoCs

Exploit-DB

Fortinet FortiClient 5.2.3 (Windows 10 x64 Post-Anniversary) - Local Privilege Escalation↗2017-03-25

▶

Exploit-DB

Fortinet FortiClient 5.2.3 (Windows 10 x64 Pre-Anniversary) - Local Privilege Escalation↗2017-03-25

▶