XSS vulnerability in the BIG-IP and Enterprise Manager Configuration utilities CVE-2016-7469

Synopsis:

The remote device is missing a vendor-supplied security patch.

Description:

A stored cross-site scripting (XSS) vulnerability in the BIG-IP Configuration utility device name change page allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable. (CVE-2016-7469)




Impact:

This vulnerability allows an authenticated attacker to execute a cross-site scripting (XSS) attack. By sending specially crafted input, the attacker can also cause the Configuration utility to become unstable.

Solution:

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K97285349.

Risk factor: High

References:

https://vulners.com/f5/F5:K97285349
https://support.f5.com/csp/article/K97285349
