Details of VAR-201610-0346

ID

VAR-201610-0346

CVE

CVE-2016-5745

TITLE

F5 BIG-IP LTM System configuration file modification vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-005175

DESCRIPTION

F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files via vectors involving NAT64. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlBy a third party NAT64 Problems or system configuration files changed or extracted (extract) There is a possibility that. F5 BIG-IP LTM Products are prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. F5 BIG-IP LTM is a local traffic manager of F5 company in the United States. The following versions are affected: F5 BIG-IP LTM 11.x prior to 11.2.1 HF16, 11.3.x prior, 11.4.1 11.4.x prior to HF11, 11.5.0, 11.5.1 prior to HF11, Version 11.5.2, Version 11.5.3, Version 11.5.4 before HF2, Version 11.6.0 before HF8, Version 11.6.1 before HF1, Version 12.0.0 before HF4, Version 12.1.0 before HF2

Trust: 1.98

sources: NVD: CVE-2016-5745 // JVNDB: JVNDB-2016-005175 // BID: 94240 // VULHUB: VHN-94564

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.1	Trust: 1.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.1	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.4	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.3	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.0	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.1	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.0.0	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.0	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.0	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.3.0	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.2	Trust: 1.6
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.0.0 to 11.2.1 hf15	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.3.0 to 11.4.1 hf10	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.0 to 11.5.1 hf10	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.2 to 11.5.4 hf1	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.0 to 11.6.0 hf7	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.0.0 to 12.0.0 hf3	Trust: 0.8
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	12.1.0 to 12.1.0 hf1	Trust: 0.8
vendor:	f5	model:	big-ip ltm hf1	scope:	eq	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf7	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf6	scope:	eq	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	eq	version:	11.5.3	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5.3	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf10	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf9	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf6	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf5	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf4	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf3	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf9	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf8	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf7	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf10	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf3	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf15	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf14	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf13	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf12	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf11	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf10	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf3	scope:	eq	version:	11.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	12.1.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf3	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	eq	version:	12.0.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf5	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf4	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.6.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	eq	version:	11.5.3	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf8	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf10	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf4	scope:	eq	version:	11.3.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.3.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf5	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf5	scope:	eq	version:	11.2.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	eq	version:	11.2.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf7	scope:	eq	version:	11.1.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	eq	version:	11.1.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	12.1.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	ne	version:	12.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf4	scope:	ne	version:	12.0	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf1	scope:	ne	version:	11.6.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf8	scope:	ne	version:	11.6	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf2	scope:	ne	version:	11.5.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf11	scope:	ne	version:	11.5.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf16	scope:	ne	version:	11.2.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	10.2.4	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	10.2.3	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	10.2.2	Trust: 0.3
vendor:	f5	model:	big-ip ltm hf11	scope:	ne	version:	11.4.1	Trust: 0.3
vendor:	f5	model:	big-ip ltm	scope:	ne	version:	10.2.1	Trust: 0.3

sources: BID: 94240 // JVNDB: JVNDB-2016-005175 // CNNVD: CNNVD-201610-103 // NVD: CVE-2016-5745

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-5745
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-5745
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201610-103
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-94564
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-5745
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-94564
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-5745
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-94564 // JVNDB: JVNDB-2016-005175 // CNNVD: CNNVD-201610-103 // NVD: CVE-2016-5745

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-94564 // JVNDB: JVNDB-2016-005175 // NVD: CVE-2016-5745

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201610-103

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201610-103

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-005175

PATCH

title:	SOL64743453: NAT64 vulnerability CVE-2016-5745	url:	https://support.f5.com/kb/en-us/solutions/public/k/64/sol64743453.html	Trust: 0.8
title:	F5 BIG-IP LTM System security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=64530	Trust: 0.6

sources: JVNDB: JVNDB-2016-005175 // CNNVD: CNNVD-201610-103

EXTERNAL IDS

db:	NVD	id:	CVE-2016-5745	Trust: 2.8
db:	SECTRACK	id:	1036927	Trust: 1.7
db:	BID	id:	94240	Trust: 1.4
db:	JVNDB	id:	JVNDB-2016-005175	Trust: 0.8
db:	CNNVD	id:	CNNVD-201610-103	Trust: 0.7
db:	AUSCERT	id:	ESB-2016.2286	Trust: 0.6
db:	VULHUB	id:	VHN-94564	Trust: 0.1

sources: VULHUB: VHN-94564 // BID: 94240 // JVNDB: JVNDB-2016-005175 // CNNVD: CNNVD-201610-103 // NVD: CVE-2016-5745

REFERENCES

url:	https://support.f5.com/kb/en-us/solutions/public/k/64/sol64743453.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/94240	Trust: 1.1
url:	http://www.securitytracker.com/id/1036927	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5745	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5745	Trust: 0.8
url:	http://securitytracker.com/id/1036927	Trust: 0.6
url:	http://www.auscert.org.au/./render.html?it=39118	Trust: 0.6
url:	http://www.f5.com/products/big-ip/	Trust: 0.3

sources: VULHUB: VHN-94564 // BID: 94240 // JVNDB: JVNDB-2016-005175 // CNNVD: CNNVD-201610-103 // NVD: CVE-2016-5745

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 94240

SOURCES

db:	VULHUB	id:	VHN-94564
db:	BID	id:	94240
db:	JVNDB	id:	JVNDB-2016-005175
db:	CNNVD	id:	CNNVD-201610-103
db:	NVD	id:	CVE-2016-5745

LAST UPDATE DATE

2025-04-13T23:35:03.144000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-94564	date:	2016-11-28T00:00:00
db:	BID	id:	94240	date:	2016-11-24T01:09:00
db:	JVNDB	id:	JVNDB-2016-005175	date:	2016-10-13T00:00:00
db:	CNNVD	id:	CNNVD-201610-103	date:	2016-10-11T00:00:00
db:	NVD	id:	CVE-2016-5745	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-94564	date:	2016-10-05T00:00:00
db:	BID	id:	94240	date:	2016-10-05T00:00:00
db:	JVNDB	id:	JVNDB-2016-005175	date:	2016-10-13T00:00:00
db:	CNNVD	id:	CNNVD-201610-103	date:	2016-09-30T00:00:00
db:	NVD	id:	CVE-2016-5745	date:	2016-10-05T16:59:03.790