CVE-2016-2084 Information

Description

F5 BIG-IP LTM AFM Analytics APM ASM Link Controller and PEM 11.3.x 11.4.x before 11.4.1 build 685-HF10 11.5.1 before build 10.104.180 11.5.2 before 11.5.4 build 0.1.256 11.6.0 before build 6.204.442 and 12.0.0 before build 1.14.628; BIG-IP AAM 11.4.x before 11.4.1 build 685-HF10 11.5.1 before build 10.104.180 11.5.2 before 11.5.4 build 0.1.256 11.6.0 before build 6.204.442 and 12.0.0 before build 1.14.628; BIG-IP DNS 12.0.0 before build 1.14.628; BIG-IP Edge Gateway WebAccelerator and WOM 11.3.0; BIG-IP GTM 11.3.x 11.4.x before 11.4.1 build 685-HF10 11.5.1 before build 10.104.180 11.5.2 before 11.5.4 build 0.1.256 and 11.6.0 before build 6.204.442; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 build 685-HF10; BIG-IQ Cloud Device and Security 4.2.0 through 4.5.0; and BIG-IQ ADC 4.5.0 do not properly regenerate certificates and keys when deploying cloud images in Amazon Web Services (AWS) Azure or Verizon cloud services environments which allows attackers to obtain sensitive information or cause a denial of service (disruption) by leveraging a target instance configuration.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

Reference

http://www.securitytracker.com/id/1035520 https://support.f5.com/kb/en-us/solutions/public/k/11/sol11772107.html

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.4