Description
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://support.f5.com/kb/en-us/solutions/public/k/05/sol05272632.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034629
Scores
CVSS v3
9.8
EPSS
0.0357
EPSS Percentile
87.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-255
Status
published
Products (9)
f5/big-ip_access_policy_manager
12.0.0
f5/big-ip_advanced_firewall_manager
12.0.0
f5/big-ip_analytics
12.0.0
f5/big-ip_application_acceleration_manager
12.0.0
f5/big-ip_application_security_manager
12.0.0
f5/big-ip_domain_name_system
12.0.0
f5/big-ip_link_controller
12.0.0
f5/big-ip_local_traffic_manager
12.0.0
f5/big-ip_policy_enforcement_manager
12.0.0
Published
Jan 12, 2016
Tracked Since
Feb 18, 2026