Vulnerability CVE-2016-7468
Published: 2017-03-23

Description:
An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to non-default setting "enabled". The default value for the tm.tcpprogressive db variable is "negotiate". An attacker may be able to disrupt traffic or cause the BIG-IP system to fail over to another device in the device group.

Type:

CWE-284

 (Improper Access Control)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
F5 -> Big-ip protocol security manager 
F5 -> Big-ip application security manager 
F5 -> Big-ip global traffic manager 
F5 -> Big-ip advanced firewall manager 
F5 -> Big-ip link controller 
F5 -> Big-ip access policy manager 
F5 -> Big-ip policy enforcement manager 
F5 -> Big-ip local traffic manager 
F5 -> Big-ip application acceleration manager 
F5 -> Big-ip analytics 
F5 -> Big-ip protocol security module 

 References:
http://www.securityfocus.com/bid/97119
http://www.securitytracker.com/id/1038121
https://support.f5.com/csp/article/K13053402
Copyright 2024, cxsecurity.com

 

Back to Top