[Forgot Password]
Login  Register Subscribe

23631

 
 

126951

 
 

99602

 
 

909

 
 

80167

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2016-2084

Date: (C)2016-04-28   (M)2017-12-07 


F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration.

CVSS Score: 4.0Access Vector: NETWORK
Exploit Score: 4.9Access Complexity: HIGH
Impact Score: 4.9Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: NONE
 Availability: PARTIAL





Reference:
SECTRACK-1035520
https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html

CPE    106
cpe:/a:f5:big-ip_protocol_security_module:11.3.0
cpe:/a:f5:big-ip_protocol_security_module:11.4.0
cpe:/a:f5:big-iq_security:4.5.0
cpe:/a:f5:big-iq_device:4.3.0
...
CWE    1
CWE-200

© 2013 SecPod Technologies