CVE-2016-9250
HIGHF5 BIG-IP 11.2.1, 11.4.0-11.6.1, 12.0.0-12.1.2 - Unauthenticated Arbitrary File Deletion
Title source: llmDescription
In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, an unauthenticated user with access to the control plane may be able to delete arbitrary files through an undisclosed mechanism.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K55792317
Scores
CVSS v3
7.5
EPSS
0.0061
EPSS Percentile
69.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-264
Status
published
Products (50)
f5/big-ip_access_policy_manager
11.2.1
f5/big-ip_access_policy_manager
11.4.0
f5/big-ip_access_policy_manager
11.4.1
f5/big-ip_access_policy_manager
11.5.0
f5/big-ip_access_policy_manager
11.5.1
f5/big-ip_access_policy_manager
11.5.2
f5/big-ip_access_policy_manager
11.5.3
f5/big-ip_access_policy_manager
11.5.4
f5/big-ip_access_policy_manager
11.6.0
f5/big-ip_access_policy_manager
11.6.1
... and 40 more
Published
May 10, 2017
Tracked Since
Feb 18, 2026