CVE-2016-2084

13.04.2016, 16:59

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.4 HIGH	NETWORK	HIGH	NONE	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 62%

Vendor	Product	Version
f5	big-iq_security	4.2.0
f5	big-iq_security	4.3.0
f5	big-iq_security	4.4.0
f5	big-iq_security	4.5.0
f5	big-ip_webaccelerator	11.3.0
f5	big-ip_application_security_manager	11.3.0
f5	big-ip_application_security_manager	11.4.0
f5	big-ip_application_security_manager	11.4.1
f5	big-ip_application_security_manager	11.5.0
f5	big-ip_application_security_manager	11.5.1
f5	big-ip_application_security_manager	11.5.2
f5	big-ip_application_security_manager	11.5.3
f5	big-ip_application_security_manager	11.5.4
f5	big-ip_application_security_manager	11.6.0
f5	big-ip_application_security_manager	12.0.0
f5	big-ip_access_policy_manager	11.3.0
f5	big-ip_access_policy_manager	11.4.0
f5	big-ip_access_policy_manager	11.4.1
f5	big-ip_access_policy_manager	11.5.0
f5	big-ip_access_policy_manager	11.5.1
f5	big-ip_access_policy_manager	11.5.2
f5	big-ip_access_policy_manager	11.5.3
f5	big-ip_access_policy_manager	11.5.4
f5	big-ip_access_policy_manager	11.6.0
f5	big-ip_access_policy_manager	12.0.0
f5	big-ip_policy_enforcement_manager	11.3.0
f5	big-ip_policy_enforcement_manager	11.4.0
f5	big-ip_policy_enforcement_manager	11.4.1
f5	big-ip_policy_enforcement_manager	11.5.0
f5	big-ip_policy_enforcement_manager	11.5.1
f5	big-ip_policy_enforcement_manager	11.5.2
f5	big-ip_policy_enforcement_manager	11.5.3
f5	big-ip_policy_enforcement_manager	11.5.4
f5	big-ip_policy_enforcement_manager	11.6.0
f5	big-ip_policy_enforcement_manager	12.0.0
f5	big-iq_cloud	4.2.0
f5	big-iq_cloud	4.3.0
f5	big-iq_cloud	4.4.0
f5	big-iq_cloud	4.5.0
f5	big-iq_application_delivery_controller	4.5.0
f5	big-ip_global_traffic_manager	11.3.0
f5	big-ip_global_traffic_manager	11.4.0
f5	big-ip_global_traffic_manager	11.4.1
f5	big-ip_global_traffic_manager	11.5.0
f5	big-ip_global_traffic_manager	11.5.1
f5	big-ip_global_traffic_manager	11.5.2
f5	big-ip_global_traffic_manager	11.5.3
f5	big-ip_global_traffic_manager	11.5.4
f5	big-ip_global_traffic_manager	11.6.0
f5	big-ip_local_traffic_manager	11.3.0
f5	big-ip_local_traffic_manager	11.4.0
f5	big-ip_local_traffic_manager	11.4.1
f5	big-ip_local_traffic_manager	11.5.0
f5	big-ip_local_traffic_manager	11.5.1
f5	big-ip_local_traffic_manager	11.5.2
f5	big-ip_local_traffic_manager	11.5.3
f5	big-ip_local_traffic_manager	11.5.4
f5	big-ip_local_traffic_manager	11.6.0
f5	big-ip_local_traffic_manager	12.0.0
f5	big-iq_device	4.2.0
f5	big-iq_device	4.3.0
f5	big-iq_device	4.4.0
f5	big-iq_device	4.5.0
f5	big-ip_edge_gateway	11.3.0
f5	big-ip_application_acceleration_manager	11.4.1
f5	big-ip_application_acceleration_manager	11.5.0
f5	big-ip_application_acceleration_manager	11.5.1
f5	big-ip_application_acceleration_manager	11.5.2
f5	big-ip_application_acceleration_manager	11.5.3
f5	big-ip_application_acceleration_manager	11.5.4
f5	big-ip_application_acceleration_manager	11.6.0
f5	big-ip_application_acceleration_manager	12.0.0
f5	big-ip_wan_optimization_manager	11.3.0
f5	big-ip_advanced_firewall_manager	11.3.0
f5	big-ip_advanced_firewall_manager	11.4.0
f5	big-ip_advanced_firewall_manager	11.4.1
f5	big-ip_advanced_firewall_manager	11.5.0
f5	big-ip_advanced_firewall_manager	11.5.1
f5	big-ip_advanced_firewall_manager	11.5.2
f5	big-ip_advanced_firewall_manager	11.5.3
f5	big-ip_advanced_firewall_manager	11.5.4
f5	big-ip_advanced_firewall_manager	11.6.0
f5	big-ip_advanced_firewall_manager	12.0.0
f5	big-ip_link_controller	11.3.0
f5	big-ip_link_controller	11.4.0
f5	big-ip_link_controller	11.4.1
f5	big-ip_link_controller	11.5.0
f5	big-ip_link_controller	11.5.1
f5	big-ip_link_controller	11.5.2
f5	big-ip_link_controller	11.5.3
f5	big-ip_link_controller	11.5.4
f5	big-ip_link_controller	11.6.0
f5	big-ip_link_controller	12.0.0
f5	big-ip_protocol_security_module	11.3.0
f5	big-ip_protocol_security_module	11.4.0
f5	big-ip_analytics	11.3.0
f5	big-ip_analytics	11.4.0
f5	big-ip_analytics	11.4.1
f5	big-ip_analytics	11.5.0
f5	big-ip_analytics	11.5.1
f5	big-ip_analytics	11.5.2
f5	big-ip_analytics	11.5.3
f5	big-ip_analytics	11.5.4
f5	big-ip_analytics	11.6.0
f5	big-ip_analytics	12.0.0
f5	big-ip_domain_name_system	12.0.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References

http://www.securitytracker.com/id/1035520

https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html

http://www.securitytracker.com/id/1035520

https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html