CVE-2016-9256 — Race Condition in Networks INC Big-ip

CWE-362 — Race Condition4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 54.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Networks INC Big-ip F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager +8 more

Timeline

PublishedMay 9

Latest updateMay 17

Description

In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl can lag behind the actual permissions assigned to a user if the role_map is not reloaded between the time the permissions are changed and the time of the user's next request. This is a race condition that occurs rarely in normal usage; the typical period in which this is possible is limited to at most a few seconds after the permission change.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages11 packages

▶NVDf5/big-ip_websafe4 versions+3

▶NVDf5/big-ip_analytics4 versions+3

▶CVEListV5f5_networks_inc/big-ip12.1.0-12.1.2

▶NVDf5/big-ip_link_controller4 versions+3

▶NVDf5/big-ip_domain_name_system4 versions+3

🔴Vulnerability Details

GHSA

GHSA-mxfw-ggfq-h96h: In F5 BIG-IP 12↗2022-05-17

▶

CVEList

CVE-2016-9256: In F5 BIG-IP 12↗2017-05-09

▶

📋Vendor Advisories

CVE-2016-9256: In F5 BIG-IP 12↗2017-05-09

▶