Vulnerability Description
In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | BIG-IP Local Traffic Manager | 11.2.1 |
| F5 | BIG-IP Application Acceleration Manager | 11.4.0 |
| F5 | BIG-IP Advanced Firewall Manager | 11.2.1 |
| F5 | BIG-IP Analytics | 11.2.1 |
| F5 | BIG-IP Access Policy Manager | 11.2.1 |
| F5 | BIG-IP Application Security Manager | 11.2.1 |
| F5 | BIG-IP Domain Name System | 12.0.0 |
| F5 | BIG-IP Edge Gateway | 11.2.1 |
| F5 | BIG-IP Global Traffic Manager | 11.2.1 |
| F5 | BIG-IP Link Controller | 11.2.1 |
| F5 | BIG-IP Policy Enforcement Manager | 11.4.0 |
| F5 | BIG-IP Protocol Security Module | 11.4.0 |
| F5 | BIG-IP WebAccelerator | 11.2.1 |
| F5 | BIG-IP WebSafe | 11.6.0 |
References
- https://support.f5.com/csp/article/K55792317 (Vendor Advisory)
FAQ
What is CVE-2016-9250?
CVE-2016-9250 is a vulnerability with a CVSS score of 7.5 (HIGH). In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.
How severe is CVE-2016-9250?
CVE-2016-9250 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-9250?
Check the references section above for vendor advisories and patch information. Affected products include: F5 BIG-IP Local Traffic Manager, F5 BIG-IP Application Acceleration Manager, F5 BIG-IP Advanced Firewall Manager, F5 BIG-IP Analytics, F5 BIG-IP Access Policy Manager.