CVE-2016-2084

F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration.

CVSS v3.0 7.4 HIGH
CVSS v2.0 4.0 MEDIUM

7.4^/10

CVSS v3.0 : HIGH

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Exploitability : 2.2 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:P

Exploitability : 4.9 / Impact : 4.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html	Vendor Advisory
http://www.securitytracker.com/id/1035520

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:f5:big-iq_security:4.5.0:::::::*
	cpe:2.3:a:f5:big-iq_security:4.4.0:::::::*
	cpe:2.3:a:f5:big-iq_security:4.2.0:::::::*
	cpe:2.3:a:f5:big-iq_security:4.3.0:::::::*

Configuration 2 (hide)

cpe:2.3:a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.3.0:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:::::::*

Configuration 6 (hide)

OR	cpe:2.3:a:f5:big-iq_cloud:4.5.0:::::::*
	cpe:2.3:a:f5:big-iq_cloud:4.4.0:::::::*
	cpe:2.3:a:f5:big-iq_cloud:4.3.0:::::::*
	cpe:2.3:a:f5:big-iq_cloud:4.2.0:::::::*

Configuration 7 (hide)

cpe:2.3:a:f5:big-iq_application_delivery_controller:4.5.0:*:*:*:*:*:*:*

Configuration 8 (hide)

OR	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.3.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.0:::::::*

Configuration 9 (hide)

OR	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.3.0:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:::::::*

Configuration 10 (hide)

OR	cpe:2.3:a:f5:big-iq_device:4.5.0:::::::*
	cpe:2.3:a:f5:big-iq_device:4.4.0:::::::*
	cpe:2.3:a:f5:big-iq_device:4.2.0:::::::*
	cpe:2.3:a:f5:big-iq_device:4.3.0:::::::*

Configuration 11 (hide)

cpe:2.3:a:f5:big-ip_edge_gateway:11.3.0:*:*:*:*:*:*:*

Configuration 12 (hide)

OR	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:::::::*

Configuration 13 (hide)

cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.3.0:*:*:*:*:*:*:*

Configuration 14 (hide)

OR	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:::::::*

Configuration 15 (hide)

OR	cpe:2.3:a:f5:big-ip_link_controller:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_link_controller:11.3.0:::::::*

Configuration 16 (hide)

OR	cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_protocol_security_module:11.3.0:::::::*

Configuration 17 (hide)

OR	cpe:2.3:a:f5:big-ip_analytics:11.5.2:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.5.1:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.5.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.4.1:::::::*
	cpe:2.3:a:f5:big-ip_analytics:12.0.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.5.3:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.4.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.5.4:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.6.0:::::::*
	cpe:2.3:a:f5:big-ip_analytics:11.3.0:::::::*

Configuration 18 (hide)

cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*

Information

Published : 2016-04-13 09:59

Updated : 2016-04-21 07:02

NVD link : CVE-2016-2084

Mitre link : CVE-2016-2084

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

big-ip_wan_optimization_manager
big-ip_domain_name_system
big-ip_global_traffic_manager
big-ip_link_controller
big-ip_advanced_firewall_manager
big-iq_application_delivery_controller
big-iq_cloud
big-ip_edge_gateway
big-ip_protocol_security_module
big-ip_webaccelerator
big-ip_application_security_manager
big-iq_device
big-ip_access_policy_manager
big-ip_local_traffic_manager
big-ip_application_acceleration_manager
big-ip_analytics
big-iq_security
big-ip_policy_enforcement_manager

7.4 /10

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

4.0 /10

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2016-2084

7.4^/10

4.0^/10

Attach tags to `CVE-2016-2084`