Vulnerability Name:

CVE-2016-2084 (CCN-112125)

Assigned: 2016-04-11
Published: 2016-04-11
Updated: 2016-04-21
Summary: F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud, Device, and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS), Azure or Verizon cloud services environments, which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration.
CVSS v3 Severity: 7.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H)
6.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): None
Availability (A): High
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): Partial
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-200
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2016-2084

Source: SECTRACK
Type: UNKNOWN
1035520

Source: XF
Type: UNKNOWN
f5-bigip-cve20162084-dos(112125)

Source: CCN
Type: F5 Security Advisory sol11772107
BIG-IP and BIG-IQ cloud image vulnerability CVE-2016-2084

Source: CONFIRM
Type: Vendor Advisory
https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html

Vulnerable Configuration:
  • Configuration 1:
  • cpe:/a:f5:big-iq_security:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_security:4.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:f5:big-ip_application_security_manager:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*

  • Configuration 5:
  • cpe:/a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*

  • Configuration 6:
  • cpe:/a:f5:big-iq_cloud:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_cloud:4.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*

  • Configuration 7:
  • cpe:/a:f5:big-iq_application_delivery_controller:4.5.0:*:*:*:*:*:*:*

  • Configuration 8:
  • cpe:/a:f5:big-ip_global_traffic_manager:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*

  • Configuration 9:
  • cpe:/a:f5:big-ip_local_traffic_manager:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*

  • Configuration 10:
  • cpe:/a:f5:big-iq_device:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_device:4.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*

  • Configuration 11:
  • cpe:/a:f5:big-ip_edge_gateway:11.3.0:*:*:*:*:*:*:*

  • Configuration 12:
  • cpe:/a:f5:big-ip_application_acceleration_manager:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:11.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*

  • Configuration 13:
  • cpe:/a:f5:big-ip_wan_optimization_manager:11.3.0:*:*:*:*:*:*:*

  • Configuration 14:
  • cpe:/a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*

  • Configuration 15:
  • cpe:/a:f5:big-ip_link_controller:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*

  • Configuration 16:
  • cpe:/a:f5:big-ip_protocol_security_module:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_protocol_security_module:11.4.0:*:*:*:*:*:*:*

  • Configuration 17:
  • cpe:/a:f5:big-ip_analytics:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*

  • Configuration 18:
  • cpe:/a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.3.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    f5 big-iq security 4.2.0
    f5 big-iq security 4.3.0
    f5 big-iq security 4.4.0
    f5 big-iq security 4.5.0
    f5 big-ip webaccelerator 11.3.0
    f5 big-ip application security manager 11.3.0
    f5 big-ip application security manager 11.4.0
    f5 big-ip application security manager 11.4.1
    f5 big-ip application security manager 11.5.0
    f5 big-ip application security manager 11.5.1
    f5 big-ip application security manager 11.5.2
    f5 big-ip application security manager 11.5.3
    f5 big-ip application security manager 11.5.4
    f5 big-ip application security manager 11.6.0
    f5 big-ip application security manager 12.0.0
    f5 big-ip access policy manager 11.3.0
    f5 big-ip access policy manager 11.4.0
    f5 big-ip access policy manager 11.4.1
    f5 big-ip access policy manager 11.5.0
    f5 big-ip access policy manager 11.5.1
    f5 big-ip access policy manager 11.5.2
    f5 big-ip access policy manager 11.5.3
    f5 big-ip access policy manager 11.5.4
    f5 big-ip access policy manager 11.6.0
    f5 big-ip access policy manager 12.0.0
    f5 big-ip policy enforcement manager 11.3.0
    f5 big-ip policy enforcement manager 11.4.0
    f5 big-ip policy enforcement manager 11.4.1
    f5 big-ip policy enforcement manager 11.5.0
    f5 big-ip policy enforcement manager 11.5.1
    f5 big-ip policy enforcement manager 11.5.2
    f5 big-ip policy enforcement manager 11.5.3
    f5 big-ip policy enforcement manager 11.5.4
    f5 big-ip policy enforcement manager 11.6.0
    f5 big-ip policy enforcement manager 12.0.0
    f5 big-iq cloud 4.2.0
    f5 big-iq cloud 4.3.0
    f5 big-iq cloud 4.4.0
    f5 big-iq cloud 4.5.0
    f5 big-iq application delivery controller 4.5.0
    f5 big-ip global traffic manager 11.3.0
    f5 big-ip global traffic manager 11.4.0
    f5 big-ip global traffic manager 11.4.1
    f5 big-ip global traffic manager 11.5.0
    f5 big-ip global traffic manager 11.5.1
    f5 big-ip global traffic manager 11.5.2
    f5 big-ip global traffic manager 11.5.3
    f5 big-ip global traffic manager 11.5.4
    f5 big-ip global traffic manager 11.6.0
    f5 big-ip local traffic manager 11.3.0
    f5 big-ip local traffic manager 11.4.0
    f5 big-ip local traffic manager 11.4.1
    f5 big-ip local traffic manager 11.5.0
    f5 big-ip local traffic manager 11.5.1
    f5 big-ip local traffic manager 11.5.2
    f5 big-ip local traffic manager 11.5.3
    f5 big-ip local traffic manager 11.5.4
    f5 big-ip local traffic manager 11.6.0
    f5 big-ip local traffic manager 12.0.0
    f5 big-iq device 4.2.0
    f5 big-iq device 4.3.0
    f5 big-iq device 4.4.0
    f5 big-iq device 4.5.0
    f5 big-ip edge gateway 11.3.0
    f5 big-ip application acceleration manager 11.4.1
    f5 big-ip application acceleration manager 11.5.0
    f5 big-ip application acceleration manager 11.5.1
    f5 big-ip application acceleration manager 11.5.2
    f5 big-ip application acceleration manager 11.5.3
    f5 big-ip application acceleration manager 11.5.4
    f5 big-ip application acceleration manager 11.6.0
    f5 big-ip application acceleration manager 12.0.0
    f5 big-ip wan optimization manager 11.3.0
    f5 big-ip advanced firewall manager 11.3.0
    f5 big-ip advanced firewall manager 11.4.0
    f5 big-ip advanced firewall manager 11.4.1
    f5 big-ip advanced firewall manager 11.5.0
    f5 big-ip advanced firewall manager 11.5.1
    f5 big-ip advanced firewall manager 11.5.2
    f5 big-ip advanced firewall manager 11.5.3
    f5 big-ip advanced firewall manager 11.5.4
    f5 big-ip advanced firewall manager 11.6.0
    f5 big-ip advanced firewall manager 12.0.0
    f5 big-ip link controller 11.3.0
    f5 big-ip link controller 11.4.0
    f5 big-ip link controller 11.4.1
    f5 big-ip link controller 11.5.0
    f5 big-ip link controller 11.5.1
    f5 big-ip link controller 11.5.2
    f5 big-ip link controller 11.5.3
    f5 big-ip link controller 11.5.4
    f5 big-ip link controller 11.6.0
    f5 big-ip link controller 12.0.0
    f5 big-ip protocol security module 11.3.0
    f5 big-ip protocol security module 11.4.0
    f5 big-ip analytics 11.3.0
    f5 big-ip analytics 11.4.0
    f5 big-ip analytics 11.4.1
    f5 big-ip analytics 11.5.0
    f5 big-ip analytics 11.5.1
    f5 big-ip analytics 11.5.2
    f5 big-ip analytics 11.5.3
    f5 big-ip analytics 11.5.4
    f5 big-ip analytics 11.6.0
    f5 big-ip analytics 12.0.0
    f5 big-ip domain name system 12.0.0
    f5 big-ip local traffic manager 11.5.1
    f5 big-ip analytics 11.5.1
    f5 big-ip analytics 11.3.0
    f5 big-ip analytics 11.5.0
    f5 big-ip local traffic manager 11.5.3
    f5 big-ip local traffic manager 11.6.0
    f5 big-ip advanced firewall manager 11.5.3
    f5 big-ip advanced firewall manager 11.6.0
    f5 big-ip local traffic manager 11.3.0