Privilege escalation in F5 Networks products - CVE-2016-9251
Published: May 12, 2017
Vulnerability identifier: #VU6530
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-9251
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: F5 Networks
Affected software:
BIG-IP AAM
BIG-IP DNS
BIG-IP Link Controller
BIG-IP AFM
BIG-IP Analytics
BIG-IP APM
BIG-IP ASM
BIG-IP LTM
BIG-IP PEM
BIG-IP WebSafe
Detailed vulnerability description
The vulnerability allows a remote authenticated user to gain elevated privileges on the target system.
The weakness exists due to insufficient security controls. A remote attacker can use a specially crafted iControl REST connection to gain elevated privileges and conduct further attacks.
Successful exploitation of the vulnerability may result in access to the system.
How to mitigate CVE-2016-9251
Install the update from the vendor's website.