CVE-2016-5024

EPSS 1.34%
Published 03.01.2017 21:59:00
Last modified 12.04.2025 10:46:40
Source f5sirt@f5.com
Teams watchlist Login
Open Login

Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configured to parse RADIUS messages via an iRule, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) via crafted network traffic.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

F5 ≫ Big-ip Local Traffic Manager Version11.6.1

F5 ≫ Big-ip Local Traffic Manager Version12.1.0

F5 ≫ Big-ip Local Traffic Manager Version12.1.1

F5 ≫ Big-ip Application Acceleration Manager Version11.6.1

F5 ≫ Big-ip Application Acceleration Manager Version12.1.0

F5 ≫ Big-ip Application Acceleration Manager Version12.1.1

F5 ≫ Big-ip Advanced Firewall Manager Version11.6.1

F5 ≫ Big-ip Advanced Firewall Manager Version12.1.0

F5 ≫ Big-ip Advanced Firewall Manager Version12.1.1

F5 ≫ Big-ip Analytics Version11.6.1

F5 ≫ Big-ip Analytics Version12.1.0

F5 ≫ Big-ip Analytics Version12.1.1

F5 ≫ Big-ip Access Policy Manager Version11.6.1

F5 ≫ Big-ip Access Policy Manager Version12.1.0

F5 ≫ Big-ip Access Policy Manager Version12.1.1

F5 ≫ Big-ip Application Security Manager Version11.6.1

F5 ≫ Big-ip Application Security Manager Version12.1.0

F5 ≫ Big-ip Application Security Manager Version12.1.1

F5 ≫ Big-ip Domain Name System Version12.1.0

F5 ≫ Big-ip Domain Name System Version12.1.1

F5 ≫ Big-ip Global Traffic Manager Version11.6.1

F5 ≫ Big-ip Link Controller Version11.6.1

F5 ≫ Big-ip Link Controller Version12.1.0

F5 ≫ Big-ip Link Controller Version12.1.1

F5 ≫ Big-ip Policy Enforcement Manager Version11.6.1

F5 ≫ Big-ip Policy Enforcement Manager Version12.1.0

F5 ≫ Big-ip Policy Enforcement Manager Version12.1.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.34%	0.782

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/bid/95228

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1037510

Third Party Advisory

VDB Entry

https://support.f5.com/csp/#/article/K92859602

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2016-5024

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2016-5024

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2016-5024

EUVD