CVE-2016-9256
published 2017-05-09CVE-2016-9256: In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded…
high7.5CVSS 3.0
AVNACHPRLUINSUCHIHAH
In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change.
Affected
51 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_aam | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_advanced_firewall_manager | — | — |
| f5 | big-ip_afm | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_apm | — | — |
| f5 | big-ip_application_acceleration_manager | — | — |
| f5 | big-ip_application_acceleration_manager | — | — |
| f5 | big-ip_application_acceleration_manager | — | — |
| f5 | big-ip_application_acceleration_manager | — | — |
| f5 | big-ip_application_security_manager | — | — |
| f5 | big-ip_application_security_manager | — | — |
| f5 | big-ip_application_security_manager | — | — |
| f5 | big-ip_application_security_manager | — | — |
| f5 | big-ip_asm | — | — |