Denial of Service Vulnerability in F5 BIG-IP Systems
CVE-2016-5024

5.9 MEDIUM

What is CVE-2016-5024?

F5 BIG-IP systems prior to the fixed versions listed below are susceptible to a denial of service vulnerability when configured to process RADIUS messages through iRules. Remote attackers can send crafted network packets that crash the Traffic Management Microkernel (TMM), potentially disrupting service availability and impacting operational integrity.

Affected Version(s)

F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved