Vulnerability Details : CVE-2016-9249
An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).
Vulnerability category: Input validationDenial of service
Products affected by CVE-2016-9249
- cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_local_traffic_manager:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_security_manager:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_link_controller:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_analytics:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_domain_name_system:12.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_domain_name_system:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_websafe:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_websafe:12.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5:big-ip_websafe:12.1.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-9249
0.35%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-9249
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2016-9249
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-9249
-
https://support.f5.com/csp/article/K71282001
Vendor Advisory
-
http://www.securitytracker.com/id/1037715
F5 BIG-IP TCP Fast Open Flaw Lets Remote Users Cause the Target System to Restart - SecurityTracker
-
http://www.securityfocus.com/bid/95825
Multiple F5 BIG-IP Products CVE-2016-9249 Denial of Service VulnerabilityThird Party Advisory;VDB Entry
Jump to