CVE-2016-9247Improper Input Validation in F5 Big-ip Analytics

CWE-20Improper Input Validation4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.8%
top 26.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
10
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+7 more
Timeline
PublishedJan 10
Latest updateMay 17

Description

Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of packets may cause the Traffic Management Microkernel (TMM) to restart.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages10 packages

NVDf5/big-ip_analytics12.1.0, 12.1.1+1
NVDf5/big-ip_local_traffic_manager12.1.0, 12.1.1+1
NVDf5/big-ip_websafe12.1.0, 12.1.1+1
NVDf5/big-ip_link_controller12.1.0, 12.1.1+1
NVDf5/big-ip_domain_name_system12.1.0, 12.1.1+1

🔴Vulnerability Details

2
GHSA
GHSA-9xc5-rhr8-8cxf: Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of2022-05-17
CVEList
CVE-2016-9247: Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytics profile, a specific sequence of2017-01-10

📋Vendor Advisories

1
F5
CVE-2016-9247: Under certain conditions for BIG-IP systems using a virtual server with an associated FastL4 profile and TCP analytic...2017-01-10
CVE-2016-9247 — Improper Input Validation in F5 | cvebase