CVE-2016-2084
7.4
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 2.2 / Impact: 5.2
Source: NVD
Description
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration.
Affected (106)
Products: F5: Big Iq Security, Big Ip Webaccelerator, Big Ip Application Security Manager, Big Ip Access Policy Manager, Big Ip Policy Enforcement Manager, Big Iq Cloud, Big Iq Application Delivery Controller, Big Ip Global Traffic Manager, Big Ip Local Traffic Manager, Big Iq Device, Big Ip Edge Gateway, Big Ip Application Acceleration Manager, Big Ip Wan Optimization Manager, Big Ip Advanced Firewall Manager, Big Ip Link Controller, Big Ip Protocol Security Module, Big Ip Analytics, Big Ip Domain Name System
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.2.0 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.2.0 |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.5.0 |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.2.0 |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.4.1 |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Version 12.0.0 |
References (4)
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.