F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script.
No CVSS v3.1
Attack Vector Network
Attack Complexity Low
Privileges Required Low
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
Access Vector Network
Access Complexity Low
Authentication Single
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
AV:N/AC:L/Au:S/C:C/I:C/A:C
Vendors | Products |
---|---|
F5 |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
|
Configuration 5 [-]
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
Configuration 9 [-]
|
Configuration 10 [-]
|
Configuration 11 [-]
|
Configuration 12 [-]
|
Configuration 13 [-]
|
Configuration 14 [-]
|
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/91532 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1036131 | Third Party Advisory VDB Entry |
https://support.f5.com/kb/en-us/solutions/public/k/00/sol00265182.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-06-30T17:00:00
Updated: 2016-11-25T19:57:01
Reserved: 2016-05-24T00:00:00
Link: CVE-2016-5020
JSON object: View
NVD Information
Status : Analyzed
Published: 2016-06-30T17:59:08.970
Modified: 2019-06-06T15:11:36.407
Link: CVE-2016-5020
JSON object: View
Redhat Information
No data.
CWE