#VU3359 Denial of service in F5 Networks products - CVE-2016-5024
Published: January 3, 2017 / Updated: January 4, 2017
Vulnerability identifier: #VU3359
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2016-5024
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
BIG-IP PEM
BIG-IP GTM
BIG-IP ASM
BIG-IP APM
BIG-IP Analytics
BIG-IP AFM
BIG-IP LTM
BIG-IP Link Controller
BIG-IP DNS
BIG-IP AAM
BIG-IP
BIG-IP PEM
BIG-IP GTM
BIG-IP ASM
BIG-IP APM
BIG-IP Analytics
BIG-IP AFM
BIG-IP LTM
BIG-IP Link Controller
BIG-IP DNS
BIG-IP AAM
BIG-IP
Software vendor:
F5 Networks
F5 Networks
Description
The vulnerability allows a remote attacker to cause denial of service conditions.
The vulnerability exists due to an input validation error within virtual server when parsing RADIUS messages via an iRule. A remote attacker can send specially crafted network packets to vulnerable device and cause denial of service.
Successful exploitation of the vulnerability may allow an attacker to cause Traffic Management Microkernel (TMM) process to stop responding.
The vulnerability exists due to an input validation error within virtual server when parsing RADIUS messages via an iRule. A remote attacker can send specially crafted network packets to vulnerable device and cause denial of service.
Successful exploitation of the vulnerability may allow an attacker to cause Traffic Management Microkernel (TMM) process to stop responding.
Remediation
Install patch from vendor's website.