Risk | Low |
Patch available | NO |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2016-10350, CVE-2016-10349, CVE-2016-10209 |
CWE-ID | CWE-125, CWE-476 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | BIG-IQ Centralized Management (Server applications / Remote management servers, RDP, SSH) |
Vendor | F5 Networks |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU15953
Risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-10350
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2. A remote attacker can trigger a heap-based buffer over-read and application crash via a specially crafted file.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
BIG-IQ Centralized Management: 8.2.0 - 8.3.0
CPE2.3
http://my.f5.com/manage/s/article/K000148259
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15951
Risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-10349
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the archive_le32dec function in archive_endian.h in libarchive. A remote attacker can trigger a heap-based buffer over-read and application crash via a specially crafted file.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
BIG-IQ Centralized Management: 8.2.0 - 8.3.0
CPE2.3
http://my.f5.com/manage/s/article/K000148259
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15950
Risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2016-10209
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in archive_string.c in libarchive. A remote attacker can trigger a NULL pointer dereference and application crash via a specially crafted archive file.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
BIG-IQ Centralized Management: 8.2.0 - 8.3.0
CPE2.3
http://my.f5.com/manage/s/article/K000148259
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.