Lucene search

[email protected]CVE-2016-5020

HistoryJun 30, 2016 - 5:59 p.m.

CVE-2016-5020

2016-06-3017:59:08

CWE-264

[email protected]

web.nvd.nist.gov

big-ip

cve-2016-5020

vulnerability

privilege escalation

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.

Affected configurations

NVD

Node

f5big-ip_wan_optimization_managerMatch10.2.1

f5big-ip_wan_optimization_managerMatch10.2.2

f5big-ip_wan_optimization_managerMatch10.2.3

f5big-ip_wan_optimization_managerMatch10.2.4

f5big-ip_wan_optimization_managerMatch11.2.1

Node

f5big-ip_protocol_security_moduleMatch10.2.1

f5big-ip_protocol_security_moduleMatch10.2.2

f5big-ip_protocol_security_moduleMatch10.2.3

f5big-ip_protocol_security_moduleMatch10.2.4

f5big-ip_protocol_security_moduleMatch11.4.0

f5big-ip_protocol_security_moduleMatch11.4.1

Node

f5big-ip_application_acceleration_managerMatch11.4.0

f5big-ip_application_acceleration_managerMatch11.4.1

f5big-ip_application_acceleration_managerMatch11.5.0

f5big-ip_application_acceleration_managerMatch11.5.1

f5big-ip_application_acceleration_managerMatch11.5.2

f5big-ip_application_acceleration_managerMatch11.5.3

f5big-ip_application_acceleration_managerMatch11.5.4

f5big-ip_application_acceleration_managerMatch11.6.0

f5big-ip_application_acceleration_managerMatch11.6.1

f5big-ip_application_acceleration_managerMatch12.0.0

f5big-ip_application_acceleration_managerMatch12.1.0

Node

f5big-ip_edge_gatewayMatch10.2.1

f5big-ip_edge_gatewayMatch10.2.2

f5big-ip_edge_gatewayMatch10.2.3

f5big-ip_edge_gatewayMatch10.2.4

f5big-ip_edge_gatewayMatch11.2.1

Node

f5big-ip_webacceleratorMatch10.2.1

f5big-ip_webacceleratorMatch10.2.2

f5big-ip_webacceleratorMatch10.2.3

f5big-ip_webacceleratorMatch10.2.4

f5big-ip_webacceleratorMatch11.2.1

Node

f5big-ip_domain_name_systemMatch12.0.0

Node

f5big-ip_access_policy_managerMatch11.6.0

f5big-ip_analyticsMatch11.2.1

f5big-ip_analyticsMatch11.4.0

f5big-ip_analyticsMatch11.4.1

f5big-ip_analyticsMatch11.5.0

f5big-ip_analyticsMatch11.5.1

f5big-ip_analyticsMatch11.5.2

f5big-ip_analyticsMatch11.5.3

f5big-ip_analyticsMatch11.5.4

f5big-ip_analyticsMatch11.6.0

f5big-ip_analyticsMatch11.6.1

f5big-ip_analyticsMatch12.0.0

Node

f5big-ip_access_policy_managerMatch10.2.1

f5big-ip_access_policy_managerMatch10.2.2

f5big-ip_access_policy_managerMatch10.2.3

f5big-ip_access_policy_managerMatch10.2.4

f5big-ip_access_policy_managerMatch11.2.1

f5big-ip_access_policy_managerMatch11.4.0

f5big-ip_access_policy_managerMatch11.4.1

f5big-ip_access_policy_managerMatch11.5.0

f5big-ip_access_policy_managerMatch11.5.1

f5big-ip_access_policy_managerMatch11.5.2

f5big-ip_access_policy_managerMatch11.5.3

f5big-ip_access_policy_managerMatch11.5.4

f5big-ip_access_policy_managerMatch11.6.0

f5big-ip_access_policy_managerMatch11.6.1

f5big-ip_access_policy_managerMatch12.0.0

Node

f5big-ip_link_controllerMatch10.2.1

f5big-ip_link_controllerMatch10.2.2

f5big-ip_link_controllerMatch10.2.3

f5big-ip_link_controllerMatch10.2.4

f5big-ip_link_controllerMatch11.2.1

f5big-ip_link_controllerMatch11.4.0

f5big-ip_link_controllerMatch11.4.1

f5big-ip_link_controllerMatch11.5.0

f5big-ip_link_controllerMatch11.5.1

f5big-ip_link_controllerMatch11.5.2

f5big-ip_link_controllerMatch11.5.3

f5big-ip_link_controllerMatch11.5.4

f5big-ip_link_controllerMatch11.6.0

f5big-ip_link_controllerMatch11.6.1

f5big-ip_link_controllerMatch12.0.0

Node

f5big-ip_local_traffic_managerMatch10.2.1

f5big-ip_local_traffic_managerMatch10.2.2

f5big-ip_local_traffic_managerMatch10.2.3

f5big-ip_local_traffic_managerMatch10.2.4

f5big-ip_local_traffic_managerMatch11.2.1

f5big-ip_local_traffic_managerMatch11.4.0

f5big-ip_local_traffic_managerMatch11.4.1

f5big-ip_local_traffic_managerMatch11.5.0

f5big-ip_local_traffic_managerMatch11.5.1

f5big-ip_local_traffic_managerMatch11.5.2

f5big-ip_local_traffic_managerMatch11.5.3

f5big-ip_local_traffic_managerMatch11.5.4

f5big-ip_local_traffic_managerMatch11.6.0

f5big-ip_local_traffic_managerMatch11.6.1

f5big-ip_local_traffic_managerMatch12.0.0

Node

f5big-ip_advanced_firewall_managerMatch11.4.0

f5big-ip_advanced_firewall_managerMatch11.4.1

f5big-ip_advanced_firewall_managerMatch11.5.0

f5big-ip_advanced_firewall_managerMatch11.5.1

f5big-ip_advanced_firewall_managerMatch11.5.2

f5big-ip_advanced_firewall_managerMatch11.5.3

f5big-ip_advanced_firewall_managerMatch11.5.4

f5big-ip_advanced_firewall_managerMatch11.6.0

f5big-ip_advanced_firewall_managerMatch11.6.1

f5big-ip_advanced_firewall_managerMatch12.0.0

Node

f5big-ip_policy_enforcement_managerMatch11.4.0

f5big-ip_policy_enforcement_managerMatch11.4.1

f5big-ip_policy_enforcement_managerMatch11.5.0

f5big-ip_policy_enforcement_managerMatch11.5.1

f5big-ip_policy_enforcement_managerMatch11.5.2

f5big-ip_policy_enforcement_managerMatch11.5.3

f5big-ip_policy_enforcement_managerMatch11.5.4

f5big-ip_policy_enforcement_managerMatch11.6.0

f5big-ip_policy_enforcement_managerMatch11.6.1

f5big-ip_policy_enforcement_managerMatch12.0.0

f5big-ip_protocol_security_moduleMatch11.3.0

Node

f5big-ip_global_traffic_managerMatch10.2.1

f5big-ip_global_traffic_managerMatch10.2.2

f5big-ip_global_traffic_managerMatch10.2.3

f5big-ip_global_traffic_managerMatch10.2.4

f5big-ip_global_traffic_managerMatch11.2.1

f5big-ip_global_traffic_managerMatch11.4.0

f5big-ip_global_traffic_managerMatch11.4.1

f5big-ip_global_traffic_managerMatch11.5.0

f5big-ip_global_traffic_managerMatch11.5.1

f5big-ip_global_traffic_managerMatch11.5.2

f5big-ip_global_traffic_managerMatch11.5.3

f5big-ip_global_traffic_managerMatch11.5.4

f5big-ip_global_traffic_managerMatch11.6.0

f5big-ip_global_traffic_managerMatch11.6.1

Node

f5big-ip_application_security_managerMatch10.2.1

f5big-ip_application_security_managerMatch10.2.2

f5big-ip_application_security_managerMatch10.2.3

f5big-ip_application_security_managerMatch10.2.4

f5big-ip_application_security_managerMatch11.2.1

f5big-ip_application_security_managerMatch11.4.0

f5big-ip_application_security_managerMatch11.4.1

f5big-ip_application_security_managerMatch11.5.0

f5big-ip_application_security_managerMatch11.5.1

f5big-ip_application_security_managerMatch11.5.2

f5big-ip_application_security_managerMatch11.5.3

f5big-ip_application_security_managerMatch11.5.4

f5big-ip_application_security_managerMatch11.6.0

f5big-ip_application_security_managerMatch11.6.1

f5big-ip_application_security_managerMatch12.0.0

CPENameOperatorVersion
f5:big-ip_wan_optimization_managerf5 big-ip wan optimization managereq10.2.1
f5:big-ip_wan_optimization_managerf5 big-ip wan optimization managereq10.2.2
f5:big-ip_wan_optimization_managerf5 big-ip wan optimization managereq10.2.3
f5:big-ip_wan_optimization_managerf5 big-ip wan optimization managereq10.2.4
f5:big-ip_wan_optimization_managerf5 big-ip wan optimization managereq11.2.1

CPE	Name	Operator	Version
f5:big-ip_wan_optimization_manager	f5 big-ip wan optimization manager	eq	10.2.1
f5:big-ip_wan_optimization_manager	f5 big-ip wan optimization manager	eq	10.2.2
f5:big-ip_wan_optimization_manager	f5 big-ip wan optimization manager	eq	10.2.3
f5:big-ip_wan_optimization_manager	f5 big-ip wan optimization manager	eq	10.2.4
f5:big-ip_wan_optimization_manager	f5 big-ip wan optimization manager	eq	11.2.1

References

www.securityfocus.com/bid/91532

www.securitytracker.com/id/1036131

support.f5.com/kb/en-us/solutions/public/k/00/sol00265182.html

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.6%

JSON

Related for CVE-2016-5020

f52 prion1 openvas1 cvelist1 nessus1 nvd1