Details of VAR-201606-0030

ID

VAR-201606-0030

CVE

CVE-2016-5020

TITLE

F5 BIG-IP In Resource Administration Vulnerability in changing account settings for role users

Trust: 0.8

sources: JVNDB: JVNDB-2016-003392

DESCRIPTION

F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script. Multiple F5 BIG-IP Products are prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges and perform unauthorized actions. F5 BIG-IP LTM, etc. LTM is a local traffic manager; GTM is a wide area traffic manager; WebAccelerator is an application accelerator. The following products and versions are affected: F5 BIG-IP LTM, ASM, Link Controller version 12.0.0, version 11.4.0 to version 11.6.1, version 11.2.1, version 10.2.1 to version 10.2.4, AAM 12.0. 0 to 12.1.0, 11.4.0 to 11.6.1, AFM, PEM 12.0.0, 11.4.0 to 11.6.1, Analytics 12.0.0, 11.4.0 to 11.6.1 Versions, 11.2.1, DNS 12.0.0, Edge Gateway, WebAccelerator, WOM 11.2.1, 10.2.1 to 10.2.4, GTM 11.4.0 to 11.6.1, 11.2.1, Version 10.2.1 to version 10.2.4

Trust: 1.98

sources: NVD: CVE-2016-5020 // JVNDB: JVNDB-2016-003392 // BID: 91532 // VULHUB: VHN-93839

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip link controller	scope:	eq	version:	12.0.0	Trust: 2.4
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.2.1	Trust: 1.8
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	12.0.0	Trust: 1.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	12.0.0	Trust: 1.8
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.2.1	Trust: 1.8
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	12.0.0	Trust: 1.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.2.1	Trust: 1.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	12.0.0	Trust: 1.8
vendor:	f5	model:	big-ip domain name system	scope:	eq	version:	12.0.0	Trust: 1.8
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.2.1	Trust: 1.8
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.2.1	Trust: 1.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.2.1	Trust: 1.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.2.1	Trust: 1.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.0.0	Trust: 1.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	12.0.0	Trust: 1.8
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.2.1	Trust: 1.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.2.1	Trust: 1.8
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.3	Trust: 1.6
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.2	Trust: 1.6
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.4	Trust: 1.6
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.1	Trust: 1.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.3	Trust: 1.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.3	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.4	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.2	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.1 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.4.0 to 11.6.1	Trust: 0.8
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.4.0 to 11.6.1	Trust: 0.8
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4.0 to 11.6.1	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.0 to 11.6.1	Trust: 0.8
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	12.0.0 to 12.1.0	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.1 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.4.0 to 11.6.1	Trust: 0.8
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.1 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.1 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.4.0 to 11.6.1	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.1 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.4.0 to 11.6.1	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.1 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.0 to 11.6.1	Trust: 0.8
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.4.0 to 11.6.1	Trust: 0.8
vendor:	f5	model:	big-ip protocol security manager	scope:	eq	version:	10.2.1 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip protocol security manager	scope:	eq	version:	11.4.0 to 11.4.1	Trust: 0.8
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	none	Trust: 0.8
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.1 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.1 to 10.2.4	Trust: 0.8
vendor:	f5	model:	big-ip protocol security manager	scope:	eq	version:	11.4.1	Trust: 0.6
vendor:	f5	model:	big-ip protocol security manager	scope:	eq	version:	10.2.4	Trust: 0.6
vendor:	f5	model:	big-ip protocol security manager	scope:	eq	version:	11.4.0	Trust: 0.6
vendor:	f5	model:	big-ip protocol security manager	scope:	eq	version:	10.2.3	Trust: 0.6

sources: JVNDB: JVNDB-2016-003392 // NVD: CVE-2016-5020 // CNNVD: CNNVD-201606-249

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2016-5020
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-201606-249
value:	HIGH
Trust: 0.6
VULHUB:	VHN-93839
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2016-5020
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-93839
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2016-5020
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-93839 // JVNDB: JVNDB-2016-003392 // NVD: CVE-2016-5020 // CNNVD: CNNVD-201606-249

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-93839 // JVNDB: JVNDB-2016-003392 // NVD: CVE-2016-5020

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201606-249

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201606-249

CONFIGURATIONS

sources: NVD: CVE-2016-5020

PATCH

title:	SOL00265182: Custom monitor privilege escalation vulnerability CVE-2016-5020	url:	https://support.f5.com/kb/en-us/solutions/public/k/00/sol00265182.html	Trust: 0.8
title:	Multiple F5 BIG-IP Repair measures for product privilege vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=62204	Trust: 0.6

sources: JVNDB: JVNDB-2016-003392 // CNNVD: CNNVD-201606-249

EXTERNAL IDS

db:	NVD	id:	CVE-2016-5020	Trust: 2.8
db:	BID	id:	91532	Trust: 2.0
db:	SECTRACK	id:	1036131	Trust: 1.7
db:	JVNDB	id:	JVNDB-2016-003392	Trust: 0.8
db:	CNNVD	id:	CNNVD-201606-249	Trust: 0.7
db:	VULHUB	id:	VHN-93839	Trust: 0.1

sources: VULHUB: VHN-93839 // BID: 91532 // JVNDB: JVNDB-2016-003392 // NVD: CVE-2016-5020 // CNNVD: CNNVD-201606-249

REFERENCES

url:	http://www.securityfocus.com/bid/91532	Trust: 2.3
url:	https://support.f5.com/kb/en-us/solutions/public/k/00/sol00265182.html	Trust: 1.7
url:	http://www.securitytracker.com/id/1036131	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5020	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5020	Trust: 0.8
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: VULHUB: VHN-93839 // BID: 91532 // JVNDB: JVNDB-2016-003392 // NVD: CVE-2016-5020 // CNNVD: CNNVD-201606-249

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 91532

SOURCES

db:	VULHUB	id:	VHN-93839
db:	BID	id:	91532
db:	JVNDB	id:	JVNDB-2016-003392
db:	NVD	id:	CVE-2016-5020
db:	CNNVD	id:	CNNVD-201606-249

LAST UPDATE DATE

2023-12-18T13:09:03.503000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-93839	date:	2019-06-06T00:00:00
db:	BID	id:	91532	date:	2016-07-06T15:10:00
db:	JVNDB	id:	JVNDB-2016-003392	date:	2016-07-05T00:00:00
db:	NVD	id:	CVE-2016-5020	date:	2019-06-06T15:11:36.407
db:	CNNVD	id:	CNNVD-201606-249	date:	2019-06-11T00:00:00

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-93839	date:	2016-06-30T00:00:00
db:	BID	id:	91532	date:	2016-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2016-003392	date:	2016-07-05T00:00:00
db:	NVD	id:	CVE-2016-5020	date:	2016-06-30T17:59:08.970
db:	CNNVD	id:	CNNVD-201606-249	date:	2016-06-12T00:00:00