Information Disclosure Vulnerability in F5 BIG-IP Devices
CVE-2016-7474

5.5 MEDIUM

What is CVE-2016-7474?

In certain circumstances, the MCPD binary cache on F5 BIG-IP devices may permit users with Advanced Shell access, or those who can generate a qkview, to access information that is normally unrecoverable. This can pose a significant risk, as unauthorized individuals may gain sensitive information that is typically protected and not accessible in standard operations. Proper security measures should be in place to mitigate any potential exploitation of this vulnerability.

Affected Version(s)

F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.2.1, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.6.0, 11.6.1, 12.0.0, 12.1.0, 12.1.1

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
