CVE-2016-5700
Last modified
CVE-2016-5700 is a vulnerability of currently unknown severity. Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors.. EPSS estimates a 6.42% chance of exploitation in the next 30 days.
Description
Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| F5 | Big-Ip Policy Enforcement Manager | 11.5.0 |
| F5 | Big-Ip Policy Enforcement Manager | 11.5.1 |
| F5 | Big-Ip Policy Enforcement Manager | 11.5.2 |
| F5 | Big-Ip Policy Enforcement Manager | 11.5.3 |
| F5 | Big-Ip Policy Enforcement Manager | 11.5.4 |
| F5 | Big-Ip Policy Enforcement Manager | 11.6.0 |
| F5 | Big-Ip Policy Enforcement Manager | 11.6.1 |
| F5 | Big-Ip Policy Enforcement Manager | 12.0.0 |
| F5 | Big-Ip Policy Enforcement Manager | 12.1.0 |
| F5 | Big-Ip Local Traffic Manager | 11.5.0 |
| F5 | Big-Ip Local Traffic Manager | 11.5.1 |
| F5 | Big-Ip Local Traffic Manager | 11.5.2 |
| F5 | Big-Ip Local Traffic Manager | 11.5.3 |
| F5 | Big-Ip Local Traffic Manager | 11.5.4 |
| F5 | Big-Ip Local Traffic Manager | 11.6.0 |
| F5 | Big-Ip Local Traffic Manager | 11.6.1 |
| F5 | Big-Ip Local Traffic Manager | 12.0.0 |
| F5 | Big-Ip Local Traffic Manager | 12.1.0 |
| F5 | Big-Ip Websafe | 11.6.0 |
| F5 | Big-Ip Websafe | 11.6.1 |
| F5 | Big-Ip Websafe | 12.0.0 |
| F5 | Big-Ip Websafe | 12.1.0 |
| F5 | Big-Ip Link Controller | 11.5.0 |
| F5 | Big-Ip Link Controller | 11.5.1 |
| F5 | Big-Ip Link Controller | 11.5.2 |
| F5 | Big-Ip Link Controller | 11.5.3 |
| F5 | Big-Ip Link Controller | 11.5.4 |
| F5 | Big-Ip Link Controller | 11.6.0 |
| F5 | Big-Ip Link Controller | 11.6.1 |
| F5 | Big-Ip Link Controller | 12.0.0 |
| F5 | Big-Ip Link Controller | 12.1.0 |
| F5 | Big-Ip Application Acceleration Manager | 11.5.0 |
| F5 | Big-Ip Application Acceleration Manager | 11.5.1 |
| F5 | Big-Ip Application Acceleration Manager | 11.5.2 |
| F5 | Big-Ip Application Acceleration Manager | 11.5.3 |
| F5 | Big-Ip Application Acceleration Manager | 11.5.4 |
| F5 | Big-Ip Application Acceleration Manager | 11.6.0 |
| F5 | Big-Ip Application Acceleration Manager | 11.6.1 |
| F5 | Big-Ip Application Acceleration Manager | 12.0.0 |
| F5 | Big-Ip Application Acceleration Manager | 12.1.0 |
| F5 | Big-Ip Access Policy Manager | 11.5.0 |
| F5 | Big-Ip Access Policy Manager | 11.5.1 |
| F5 | Big-Ip Access Policy Manager | 11.5.2 |
| F5 | Big-Ip Access Policy Manager | 11.5.3 |
| F5 | Big-Ip Access Policy Manager | 11.5.4 |
| F5 | Big-Ip Access Policy Manager | 11.6.0 |
| F5 | Big-Ip Access Policy Manager | 11.6.1 |
| F5 | Big-Ip Access Policy Manager | 12.0.0 |
| F5 | Big-Ip Access Policy Manager | 12.1.0 |
| F5 | Big-Ip Advanced Firewall Manager | 11.5.0 |
Showing 50 of 67 affected configurations. See NVD for the full list.
References
- http://www.securitytracker.com/id/1036928Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1036928Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-5700?
How severe is CVE-2016-5700?
How do I fix CVE-2016-5700?
Are you affected by CVE-2016-5700?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST