Certificate Management Vulnerability in F5 Products Across Multiple Platforms
CVE-2016-2084

7.4HIGH

Key Information:

Vendor
F5
Status
Big-iq Security
Vendor
CVE Published:
13 April 2016

Summary

A vulnerability exists in F5 BIG-IP products which fail to properly regenerate certificates and keys when deploying cloud images across AWS, Azure, or Verizon cloud services. This oversight allows attackers to exploit affected instances, potentially leading to unauthorized access to sensitive information or a denial of service by disrupting operational capabilities. Users are urged to apply patches promptly to mitigate any associated risks.

References

http://www.securitytracker.com/id/1035520
vdb-entryx_refsource_SECTRACK
https://support.f5.com/kb/en-us/solutions/public/k/11/sol...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.