CVE-2016-9250

high-risk

Published 2017-05-10

In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.

Do I need to act?

-

0.61% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Local Traffic Manager

Big-Ip Application Acceleration Manager

Big-Ip Application Acceleration Manager

Big-Ip Application Acceleration Manager

Big-Ip Application Acceleration Manager

Big-Ip Advanced Firewall Manager

Big-Ip Advanced Firewall Manager

Big-Ip Advanced Firewall Manager

Big-Ip Advanced Firewall Manager

Big-Ip Advanced Firewall Manager

Big-Ip Advanced Firewall Manager

Affected Vendors

F5

References (2)

Vendor Advisory https://support.f5.com/csp/article/K55792317

Vendor Advisory https://support.f5.com/csp/article/K55792317

60

/ 100

high-risk

Severity 26/34 · High

Exploitability 2/34 · Minimal

Exposure 32/34 · Critical