CVE-2016-9250

CWE-2644 documents4 sources

Severity

7.5HIGH

EPSS

0.6%

top 30.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Networks, Inc. Big-ip F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager +12 more

Timeline

PublishedMay 10

Latest updateMay 14

Description

In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages15 packages

▶NVDf5/big-ip_link_controller14 versions+13

▶NVDf5/big-ip_access_policy_manager14 versions+13

▶NVDf5/big-ip_websafe6 versions+5

▶NVDf5/big-ip_analytics14 versions+13

▶NVDf5/big-ip_edge_gateway11.2.1

🔴Vulnerability Details

GHSA

GHSA-h8x9-x46f-hvh4: In F5 BIG-IP 11↗2022-05-14

▶

CVEList

CVE-2016-9250: In F5 BIG-IP 11↗2017-05-10

▶

📋Vendor Advisories

CVE-2016-9250: In F5 BIG-IP 11↗2017-05-10

▶