Vulnerability identifier: #VU6532

Vulnerability risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-9253

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
BIG-IP AAM
Hardware solutions / Routers & switches, VoIP, GSM, etc
BIG-IP DNS
Hardware solutions / Routers & switches, VoIP, GSM, etc
BIG-IP Link Controller
Hardware solutions / Routers & switches, VoIP, GSM, etc
BIG-IP AFM
Hardware solutions / Security hardware applicances
BIG-IP Analytics
Hardware solutions / Security hardware applicances
BIG-IP APM
Hardware solutions / Security hardware applicances
BIG-IP ASM
Hardware solutions / Security hardware applicances
BIG-IP LTM
Hardware solutions / Security hardware applicances
BIG-IP PEM
Hardware solutions / Security hardware applicances
BIG-IP WebSafe
Server applications / Server solutions for antivurus protection

Vendor: F5 Networks

Description
The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.

The weakness exists due to improper validation of user-supplied input. A remote attacker can submit a specially crafted websocket traffic and cause the affected server to crash.

Successful exploitation of the vulnerability may result in denial of service.

Mitigation
Install update from vendor's website.

Vulnerable software versions

BIG-IP AAM: 12.1.0 - 12.1.2

BIG-IP AFM: 12.1.0 - 12.1.2

BIG-IP Analytics: 12.1.0 - 12.1.2

BIG-IP APM: 12.1.0 - 12.1.2

BIG-IP ASM: 12.1.0 - 12.1.2

BIG-IP DNS: 12.1.0 - 12.1.2

BIG-IP Link Controller: 12.1.0 - 12.1.2

BIG-IP LTM: 12.1.0 - 12.1.2

BIG-IP PEM: 12.1.0 - 12.1.2

BIG-IP WebSafe: 12.1.0 - 12.1.2

---

External links
http://support.f5.com/csp/article/K51351360

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.