Denial of service in F5 Networks products - CVE-2016-5024
Published: January 3, 2017 / Updated: January 4, 2017
Vulnerability identifier: #VU3359
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-5024
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: F5 Networks
Affected software:
BIG-IP PEM
BIG-IP GTM
BIG-IP ASM
BIG-IP APM
BIG-IP Analytics
BIG-IP AFM
BIG-IP LTM
BIG-IP Link Controller
BIG-IP DNS
BIG-IP AAM
BIG-IP
BIG-IP PEM
BIG-IP GTM
BIG-IP ASM
BIG-IP APM
BIG-IP Analytics
BIG-IP AFM
BIG-IP LTM
BIG-IP Link Controller
BIG-IP DNS
BIG-IP AAM
BIG-IP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause denial of service conditions.
The vulnerability exists due to an input validation error within virtual server when parsing RADIUS messages via an iRule. A remote attacker can send specially crafted network packets to vulnerable device and cause denial of service.
Successful exploitation of the vulnerability may allow an attacker to cause Traffic Management Microkernel (TMM) process to stop responding.
The vulnerability exists due to an input validation error within virtual server when parsing RADIUS messages via an iRule. A remote attacker can send specially crafted network packets to vulnerable device and cause denial of service.
Successful exploitation of the vulnerability may allow an attacker to cause Traffic Management Microkernel (TMM) process to stop responding.
How to mitigate CVE-2016-5024
Install patch from vendor's website.