CVE-2016-5745
critical
CVSS v3: 9.8
CVSS v2: 10.0
VIR risk: 9.8
Description
F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files via vectors involving NAT64.
Predictions
Exploit likelihood: 97%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — https://support.f5.com/kb/en-us/solutions/public/k/64/sol64743453.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| f5 | big-ip_local_traffic_manager | 11.0.0 | |
| f5 | big-ip_local_traffic_manager | 11.1.0 | |
| f5 | big-ip_local_traffic_manager | 11.2.0 | |
| f5 | big-ip_local_traffic_manager | 11.2.1 | |
| f5 | big-ip_local_traffic_manager | 11.3.0 | |
| f5 | big-ip_local_traffic_manager | 11.4.0 | |
| f5 | big-ip_local_traffic_manager | 11.4.1 | |
| f5 | big-ip_local_traffic_manager | 11.5.0 | |
| f5 | big-ip_local_traffic_manager | 11.5.1 | |
| f5 | big-ip_local_traffic_manager | 11.5.2 | |
| f5 | big-ip_local_traffic_manager | 11.5.3 | |
| f5 | big-ip_local_traffic_manager | 11.5.4 | |
| f5 | big-ip_local_traffic_manager | 11.6.0 | |
| f5 | big-ip_local_traffic_manager | 11.6.1 | |
| f5 | big-ip_local_traffic_manager | 12.0.0 | |
| f5 | big-ip_local_traffic_manager | 12.1.0 | |
References
CWEs
CWE-284