CVE-2016-7474

CWE-200 — Information Exposure4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 71.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +11 more

Timeline

PublishedMar 27

Latest updateMay 14

Description

In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporarily obtain normally unrecoverable information.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages14 packages

▶NVDf5/big-ip_access_policy_manager13 versions+12

▶NVDf5/big-ip_advanced_firewall_manager12 versions+11

▶NVDf5/big-ip_websafe5 versions+4

▶NVDf5/big-ip_analytics13 versions+12

▶NVDf5/big-ip_edge_gateway11.2.1

🔴Vulnerability Details

GHSA

GHSA-4hch-v4cq-frwf: In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporari↗2022-05-14

▶

CVEList

CVE-2016-7474: In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges to generate a qkview, to temporari↗2017-03-27

▶

📋Vendor Advisories

CVE-2016-7474: In some cases the MCPD binary cache in F5 BIG-IP devices may allow a user with Advanced Shell access, or privileges t...↗2017-03-27

▶