Vulnerabilites related to f5 - big-iq_cloud_and_orchestration
CVE-2015-7393 (GCVE-0-2015-7393)
Vulnerability from cvelistv5
Published
2016-01-12 20:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html | x_refsource_CONFIRM | |
| http://securitytracker.com/id/1034632 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1034633 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T07:51:27.284Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html", }, { name: "1034632", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id/1034632", }, { name: "1034633", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1034633", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-01-08T00:00:00", descriptions: [ { lang: "en", value: "dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-01-12T19:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html", }, { name: "1034632", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id/1034632", }, { name: "1034633", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1034633", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-7393", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html", refsource: "CONFIRM", url: "https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html", }, { name: "1034632", refsource: "SECTRACK", url: "http://securitytracker.com/id/1034632", }, { name: "1034633", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1034633", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-7393", datePublished: "2016-01-12T20:00:00", dateReserved: "2015-09-29T00:00:00", dateUpdated: "2024-08-06T07:51:27.284Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-5516 (GCVE-0-2018-5516)
Vulnerability from cvelistv5
Published
2018-05-02 13:00
Modified
2024-09-17 02:41
Severity ?
EPSS score ?
Summary
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.f5.com/csp/article/K37442533 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1040800 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securitytracker.com/id/1040799 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | F5 Networks, Inc. | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) |
Version: 13.0.0-13.1.0.5 Version: 12.1.0-12.1.2 Version: 11.2.1-11.6.3.1 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T05:40:50.596Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K37442533", }, { name: "1040800", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040800", }, { name: "1040799", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1040799", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "13.0.0-13.1.0.5", }, { status: "affected", version: "12.1.0-12.1.2", }, { status: "affected", version: "11.2.1-11.6.3.1", }, ], }, { product: "Enterprise Manager", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "3.1.1", }, ], }, { product: "BIG-IQ Centralized Management", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "5.0.0-5.4.0", }, { status: "affected", version: "4.6.0", }, ], }, { product: "BIG-IQ Cloud and Orchestration", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "1.0.0", }, ], }, { product: "iWorkflow", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "2.0.2-2.3.0", }, ], }, ], datePublic: "2018-04-30T00:00:00", descriptions: [ { lang: "en", value: "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.", }, ], problemTypes: [ { descriptions: [ { description: "Privilege escalation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-05-03T09:57:01", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K37442533", }, { name: "1040800", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040800", }, { name: "1040799", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1040799", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "f5sirt@f5.com", DATE_PUBLIC: "2018-04-30T00:00:00", ID: "CVE-2018-5516", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)", version: { version_data: [ { version_value: "13.0.0-13.1.0.5", }, { version_value: "12.1.0-12.1.2", }, { version_value: "11.2.1-11.6.3.1", }, ], }, }, { product_name: "Enterprise Manager", version: { version_data: [ { version_value: "3.1.1", }, ], }, }, { product_name: "BIG-IQ Centralized Management", version: { version_data: [ { version_value: "5.0.0-5.4.0", }, { version_value: "4.6.0", }, ], }, }, { product_name: "BIG-IQ Cloud and Orchestration", version: { version_data: [ { version_value: "1.0.0", }, ], }, }, { product_name: "iWorkflow", version: { version_data: [ { version_value: "2.0.2-2.3.0", }, ], }, }, ], }, vendor_name: "F5 Networks, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Privilege escalation", }, ], }, ], }, references: { reference_data: [ { name: "https://support.f5.com/csp/article/K37442533", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K37442533", }, { name: "1040800", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040800", }, { name: "1040799", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1040799", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2018-5516", datePublished: "2018-05-02T13:00:00Z", dateReserved: "2018-01-12T00:00:00", dateUpdated: "2024-09-17T02:41:51.080Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-15321 (GCVE-0-2018-15321)
Vulnerability from cvelistv5
Published
2018-10-31 14:00
Modified
2024-08-05 09:54
Severity ?
EPSS score ?
Summary
When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.f5.com/csp/article/K01067037 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager |
Version: 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:54:01.880Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K01067037", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6", }, ], }, ], datePublic: "2018-10-30T00:00:00", descriptions: [ { lang: "en", value: "When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.", }, ], problemTypes: [ { descriptions: [ { description: "Privilege escalation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-31T13:57:01", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K01067037", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "f5sirt@f5.com", ID: "CVE-2018-15321", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager", version: { version_data: [ { version_value: "14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6", }, ], }, }, ], }, vendor_name: "F5 Networks, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Privilege escalation", }, ], }, ], }, references: { reference_data: [ { name: "https://support.f5.com/csp/article/K01067037", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K01067037", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2018-15321", datePublished: "2018-10-31T14:00:00", dateReserved: "2018-08-14T00:00:00", dateUpdated: "2024-08-05T09:54:01.880Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-5540 (GCVE-0-2018-5540)
Vulnerability from cvelistv5
Published
2018-07-19 14:00
Modified
2024-09-17 00:36
Severity ?
EPSS score ?
Summary
On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1041340 | vdb-entry, x_refsource_SECTRACK | |
| https://support.f5.com/csp/article/K82038789 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/104920 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id/1041341 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | F5 Networks, Inc. | BIG-IP (DNS, GTM) |
Version: 13.0.0-13.0.1 Version: 12.1.0-12.1.3.3 Version: 11.6.0-11.6.3.1 Version: 11.5.1-11.5.6 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T05:40:50.601Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1041340", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041340", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K82038789", }, { name: "104920", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/104920", }, { name: "1041341", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1041341", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BIG-IP (DNS, GTM)", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "13.0.0-13.0.1", }, { status: "affected", version: "12.1.0-12.1.3.3", }, { status: "affected", version: "11.6.0-11.6.3.1", }, { status: "affected", version: "11.5.1-11.5.6", }, ], }, { product: "Enterprise Manager", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "3.1.1", }, ], }, { product: "BIG-IQ Centralized Management", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "5.0.0-5.1.0", }, ], }, { product: "BIG-IQ Cloud and Orchestration", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "1.0.0", }, ], }, { product: "F5 iWorkflow", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "2.1.0-2.3.0", }, ], }, ], datePublic: "2018-07-18T00:00:00", descriptions: [ { lang: "en", value: "On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.", }, ], problemTypes: [ { descriptions: [ { description: "Privilege escalation", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-07-31T09:57:01", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { name: "1041340", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041340", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K82038789", }, { name: "104920", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/104920", }, { name: "1041341", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1041341", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "f5sirt@f5.com", DATE_PUBLIC: "2018-07-18T00:00:00", ID: "CVE-2018-5540", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BIG-IP (DNS, GTM)", version: { version_data: [ { version_value: "13.0.0-13.0.1", }, { version_value: "12.1.0-12.1.3.3", }, { version_value: "11.6.0-11.6.3.1", }, { version_value: "11.5.1-11.5.6", }, ], }, }, { product_name: "Enterprise Manager", version: { version_data: [ { version_value: "3.1.1", }, ], }, }, { product_name: "BIG-IQ Centralized Management", version: { version_data: [ { version_value: "5.0.0-5.1.0", }, ], }, }, { product_name: "BIG-IQ Cloud and Orchestration", version: { version_data: [ { version_value: "1.0.0", }, ], }, }, { product_name: "F5 iWorkflow", version: { version_data: [ { version_value: "2.1.0-2.3.0", }, ], }, }, ], }, vendor_name: "F5 Networks, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Privilege escalation", }, ], }, ], }, references: { reference_data: [ { name: "1041340", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041340", }, { name: "https://support.f5.com/csp/article/K82038789", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K82038789", }, { name: "104920", refsource: "BID", url: "http://www.securityfocus.com/bid/104920", }, { name: "1041341", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1041341", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2018-5540", datePublished: "2018-07-19T14:00:00Z", dateReserved: "2018-01-12T00:00:00", dateUpdated: "2024-09-17T00:36:23.820Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-5022 (GCVE-0-2016-5022)
Vulnerability from cvelistv5
Published
2016-09-07 19:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1036710 | vdb-entry, x_refsource_SECTRACK | |
| https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1036709 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:40.240Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1036710", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036710", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html", }, { name: "1036709", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036709", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-08-29T00:00:00", descriptions: [ { lang: "en", value: "F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-09-07T18:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1036710", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036710", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html", }, { name: "1036709", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036709", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-5022", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1036710", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036710", }, { name: "https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html", refsource: "CONFIRM", url: "https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html", }, { name: "1036709", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036709", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-5022", datePublished: "2016-09-07T19:00:00", dateReserved: "2016-05-24T00:00:00", dateUpdated: "2024-08-06T00:46:40.240Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2018-15322 (GCVE-0-2018-15322)
Vulnerability from cvelistv5
Published
2018-10-31 14:00
Modified
2024-08-05 09:54
Severity ?
EPSS score ?
Summary
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.f5.com/csp/article/K28003839 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| F5 Networks, Inc. | BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager |
Version: 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T09:54:01.869Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K28003839", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6", }, ], }, ], datePublic: "2018-10-30T00:00:00", descriptions: [ { lang: "en", value: "On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full.", }, ], problemTypes: [ { descriptions: [ { description: "DoS", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-31T13:57:01", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K28003839", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "f5sirt@f5.com", ID: "CVE-2018-15322", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe), BIG-IQ Centralized Management, BIG-IQ Cloud and Orchestration, iWorkflow, Enterprise Manager", version: { version_data: [ { version_value: "14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, 11.2.1-11.5.6", }, ], }, }, ], }, vendor_name: "F5 Networks, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "DoS", }, ], }, ], }, references: { reference_data: [ { name: "https://support.f5.com/csp/article/K28003839", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K28003839", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2018-15322", datePublished: "2018-10-31T14:00:00", dateReserved: "2018-08-14T00:00:00", dateUpdated: "2024-08-05T09:54:01.869Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-8099 (GCVE-0-2015-8099)
Vulnerability from cvelistv5
Published
2016-05-13 16:00
Modified
2024-08-06 08:13
Severity ?
EPSS score ?
Summary
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1035873 | vdb-entry, x_refsource_SECTRACK | |
| https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1035874 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T08:13:31.089Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1035873", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035873", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html", }, { name: "1035874", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035874", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-05-10T00:00:00", descriptions: [ { lang: "en", value: "F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-05-13T15:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "1035873", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035873", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html", }, { name: "1035874", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035874", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-8099", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "1035873", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035873", }, { name: "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html", refsource: "CONFIRM", url: "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html", }, { name: "1035874", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035874", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-8099", datePublished: "2016-05-13T16:00:00", dateReserved: "2015-11-09T00:00:00", dateUpdated: "2024-08-06T08:13:31.089Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-5209 (GCVE-0-2014-5209)
Vulnerability from cvelistv5
Published
2020-01-08 00:29
Modified
2024-08-06 11:41
Severity ?
EPSS score ?
Summary
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.f5.com/csp/article/K44942017 | x_refsource_CONFIRM | |
| https://support.f5.com/csp/article/K44942017?utm_source=f5support&%3Butm_medium=RSS | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/95841 | x_refsource_MISC | |
| https://support.f5.com/csp/article/K44942017 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T11:41:47.478Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K44942017", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K44942017?utm_source=f5support&%3Butm_medium=RSS", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://support.f5.com/csp/article/K44942017", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "NTP", vendor: "NTP", versions: [ { status: "affected", version: "4.2.7p25", }, ], }, ], datePublic: "2014-08-05T00:00:00", descriptions: [ { lang: "en", value: "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.", }, ], problemTypes: [ { descriptions: [ { description: "information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-01-08T00:31:11", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K44942017", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K44942017?utm_source=f5support&%3Butm_medium=RSS", }, { tags: [ "x_refsource_MISC", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841", }, { tags: [ "x_refsource_MISC", ], url: "https://support.f5.com/csp/article/K44942017", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cert@cert.org", ID: "CVE-2014-5209", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "NTP", version: { version_data: [ { version_value: "4.2.7p25", }, ], }, }, ], }, vendor_name: "NTP", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "information disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://support.f5.com/csp/article/K44942017", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K44942017", }, { name: "https://support.f5.com/csp/article/K44942017?utm_source=f5support&utm_medium=RSS", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K44942017?utm_source=f5support&utm_medium=RSS", }, { name: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841", refsource: "MISC", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841", }, { name: "https://support.f5.com/csp/article/K44942017", refsource: "MISC", url: "https://support.f5.com/csp/article/K44942017", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2014-5209", datePublished: "2020-01-08T00:29:42", dateReserved: "2014-08-13T00:00:00", dateUpdated: "2024-08-06T11:41:47.478Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2017-6128 (GCVE-0-2017-6128)
Vulnerability from cvelistv5
Published
2017-05-01 15:00
Modified
2024-08-05 15:18
Severity ?
EPSS score ?
Summary
An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1038363 | vdb-entry, x_refsource_SECTRACK | |
| https://support.f5.com/csp/article/K92140924 | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1038362 | vdb-entry, x_refsource_SECTRACK |
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | F5 Networks, Inc. | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe |
Version: varies depending on product - see https://support.f5.com/csp/article/K92140924 for table |
||||||||||||||||
|
|||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T15:18:49.772Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "1038363", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038363", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K92140924", }, { name: "1038362", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1038362", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table", }, ], }, { product: "Enterprise Manager", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table", }, ], }, { product: "BIG-IQ Cloud, Device, Security, ADC, Centralized Management, Cloud and Orchestration", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table", }, ], }, { product: "iWorkflow", vendor: "F5 Networks, Inc.", versions: [ { status: "affected", version: "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table", }, ], }, ], datePublic: "2017-04-21T00:00:00", descriptions: [ { lang: "en", value: "An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.", }, ], problemTypes: [ { descriptions: [ { description: "sshd is vulnerable to DoS", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T09:57:01", orgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", shortName: "f5", }, references: [ { name: "1038363", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038363", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K92140924", }, { name: "1038362", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1038362", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "f5sirt@f5.com", ID: "CVE-2017-6128", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WebSafe", version: { version_data: [ { version_value: "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table", }, ], }, }, { product_name: "Enterprise Manager", version: { version_data: [ { version_value: "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table", }, ], }, }, { product_name: "BIG-IQ Cloud, Device, Security, ADC, Centralized Management, Cloud and Orchestration", version: { version_data: [ { version_value: "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table", }, ], }, }, { product_name: "iWorkflow", version: { version_data: [ { version_value: "varies depending on product - see https://support.f5.com/csp/article/K92140924 for table", }, ], }, }, ], }, vendor_name: "F5 Networks, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "sshd is vulnerable to DoS", }, ], }, ], }, references: { reference_data: [ { name: "1038363", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038363", }, { name: "https://support.f5.com/csp/article/K92140924", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K92140924", }, { name: "1038362", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1038362", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", assignerShortName: "f5", cveId: "CVE-2017-6128", datePublished: "2017-05-01T15:00:00", dateReserved: "2017-02-21T00:00:00", dateUpdated: "2024-08-05T15:18:49.772Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2014-0196 (GCVE-0-2014-0196)
Vulnerability from cvelistv5
Published
2014-05-07 10:00
Modified
2025-02-07 13:36
Severity ?
EPSS score ?
Summary
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T09:05:39.223Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "USN-2203-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2203-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html", }, { name: "106646", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/106646", }, { name: "SUSE-SU-2014:0683", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html", }, { name: "[oss-security] 20140429 CVE-2014-0196: Linux kernel pty layer race condition memory corruption", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/05/05/6", }, { name: "59262", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59262", }, { name: "USN-2204-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2204-1", }, { name: "59218", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59218", }, { name: "USN-2202-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2202-1", }, { name: "33516", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "http://www.exploit-db.com/exploits/33516", }, { name: "DSA-2928", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2014/dsa-2928", }, { name: "USN-2199-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2199-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://linux.oracle.com/errata/ELSA-2014-0771.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1094232", }, { name: "USN-2197-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2197-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://source.android.com/security/bulletin/2016-07-01.html", }, { name: "RHSA-2014:0512", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0512.html", }, { name: "59599", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59599", }, { name: "DSA-2926", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2014/dsa-2926", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00", }, { name: "SUSE-SU-2014:0667", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://pastebin.com/raw.php?i=yTSFUBgZ", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugzilla.novell.com/show_bug.cgi?id=875690", }, { name: "USN-2198-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2198-1", }, { name: "USN-2200-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2200-1", }, { name: "USN-2201-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2201-1", }, { name: "USN-2196-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2196-1", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2014-0196", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-07T13:36:55.768079Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-05-12", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-0196", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-362", description: "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-07T13:36:58.638Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-04-29T00:00:00.000Z", descriptions: [ { lang: "en", value: "The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the \"LECHO & !OPOST\" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-01-05T14:57:01.000Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "USN-2203-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2203-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html", }, { name: "106646", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/106646", }, { name: "SUSE-SU-2014:0683", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html", }, { name: "[oss-security] 20140429 CVE-2014-0196: Linux kernel pty layer race condition memory corruption", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2014/05/05/6", }, { name: "59262", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59262", }, { name: "USN-2204-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2204-1", }, { name: "59218", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59218", }, { name: "USN-2202-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2202-1", }, { name: "33516", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "http://www.exploit-db.com/exploits/33516", }, { name: "DSA-2928", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2014/dsa-2928", }, { name: "USN-2199-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2199-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://linux.oracle.com/errata/ELSA-2014-0771.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1094232", }, { name: "USN-2197-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2197-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://source.android.com/security/bulletin/2016-07-01.html", }, { name: "RHSA-2014:0512", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0512.html", }, { name: "59599", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59599", }, { name: "DSA-2926", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2014/dsa-2926", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00", }, { name: "SUSE-SU-2014:0667", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html", }, { tags: [ "x_refsource_MISC", ], url: "http://pastebin.com/raw.php?i=yTSFUBgZ", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugzilla.novell.com/show_bug.cgi?id=875690", }, { name: "USN-2198-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2198-1", }, { name: "USN-2200-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2200-1", }, { name: "USN-2201-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2201-1", }, { name: "USN-2196-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2196-1", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2014-0196", datePublished: "2014-05-07T10:00:00.000Z", dateReserved: "2013-12-03T00:00:00.000Z", dateUpdated: "2025-02-07T13:36:58.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2015-4047 (GCVE-0-2015-4047)
Vulnerability from cvelistv5
Published
2015-05-29 15:00
Modified
2024-08-06 06:04
Severity ?
EPSS score ?
Summary
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T06:04:02.635Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "DSA-3272", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2015/dsa-3272", }, { name: "20150520 Re: 0-day Denial of Service in IPsec-Tools", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2015/May/83", }, { name: "FEDORA-2015-8968", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html", }, { name: "20150519 0-day Denial of Service in IPsec-Tools", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2015/May/81", }, { name: "FEDORA-2015-8948", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.altsci.com/ipsec/ipsec-tools-sa.html", }, { name: "1032397", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1032397", }, { name: "[oss-security] 20150519 CVE Request: ipsec-tools", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/05/20/1", }, { name: "74739", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/74739", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html", }, { name: "USN-2623-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2623-1", }, { name: "[oss-security] 20150521 Re: CVE Request: ipsec-tools", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2015/05/21/11", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/csp/article/K05013313", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-05-06T00:00:00", descriptions: [ { lang: "en", value: "racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-03-26T14:06:07", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "DSA-3272", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2015/dsa-3272", }, { name: "20150520 Re: 0-day Denial of Service in IPsec-Tools", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2015/May/83", }, { name: "FEDORA-2015-8968", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html", }, { name: "20150519 0-day Denial of Service in IPsec-Tools", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://seclists.org/fulldisclosure/2015/May/81", }, { name: "FEDORA-2015-8948", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html", }, { tags: [ "x_refsource_MISC", ], url: "https://www.altsci.com/ipsec/ipsec-tools-sa.html", }, { name: "1032397", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1032397", }, { name: "[oss-security] 20150519 CVE Request: ipsec-tools", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/05/20/1", }, { name: "74739", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/74739", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html", }, { name: "USN-2623-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2623-1", }, { name: "[oss-security] 20150521 Re: CVE Request: ipsec-tools", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2015/05/21/11", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/csp/article/K05013313", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2015-4047", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "DSA-3272", refsource: "DEBIAN", url: "http://www.debian.org/security/2015/dsa-3272", }, { name: "20150520 Re: 0-day Denial of Service in IPsec-Tools", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2015/May/83", }, { name: "FEDORA-2015-8968", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html", }, { name: "20150519 0-day Denial of Service in IPsec-Tools", refsource: "FULLDISC", url: "http://seclists.org/fulldisclosure/2015/May/81", }, { name: "FEDORA-2015-8948", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html", }, { name: "https://www.altsci.com/ipsec/ipsec-tools-sa.html", refsource: "MISC", url: "https://www.altsci.com/ipsec/ipsec-tools-sa.html", }, { name: "1032397", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1032397", }, { name: "[oss-security] 20150519 CVE Request: ipsec-tools", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/05/20/1", }, { name: "74739", refsource: "BID", url: "http://www.securityfocus.com/bid/74739", }, { name: "http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html", }, { name: "USN-2623-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2623-1", }, { name: "[oss-security] 20150521 Re: CVE Request: ipsec-tools", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2015/05/21/11", }, { name: "https://support.f5.com/csp/article/K05013313", refsource: "CONFIRM", url: "https://support.f5.com/csp/article/K05013313", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2015-4047", datePublished: "2015-05-29T15:00:00", dateReserved: "2015-05-20T00:00:00", dateUpdated: "2024-08-06T06:04:02.635Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2016-5021 (GCVE-0-2016-5021)
Vulnerability from cvelistv5
Published
2016-06-24 17:00
Modified
2024-08-06 00:46
Severity ?
EPSS score ?
Summary
The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/ | x_refsource_CONFIRM | |
| http://www.securitytracker.com/id/1036172 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T00:46:40.222Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/", }, { name: "1036172", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1036172", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-06-09T00:00:00", descriptions: [ { lang: "en", value: "The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-07-22T16:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/", }, { name: "1036172", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1036172", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2016-5021", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/", refsource: "CONFIRM", url: "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/", }, { name: "1036172", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1036172", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2016-5021", datePublished: "2016-06-24T17:00:00", dateReserved: "2016-05-24T00:00:00", dateUpdated: "2024-08-06T00:46:40.222Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2015-05-29 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ipsec-tools:ipsec-tools:0.8.2:*:*:*:*:*:*:*", matchCriteriaId: "B4F6D424-26B7-4CD2-80B4-96FBA9E2FA5C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", matchCriteriaId: "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", matchCriteriaId: "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", matchCriteriaId: "56BDB5A0-0839-4A20-A003-B8CD56F48171", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "55C26031-A354-4E19-A1C3-415336B2E7C5", versionEndIncluding: "11.6.4", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3B9AF8FC-B730-428D-B317-86ABEF924299", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:13.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3D75D5AD-C20A-4D94-84E0-E695C9D2A26D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A53BE5FB-7405-4952-B3BD-6B0B8213F98A", versionEndIncluding: "11.6.4", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1A2670B3-1A96-4E72-A316-0AF826E8EC8B", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:13.0.0:*:*:*:*:*:*:*", matchCriteriaId: "BA7D64DC-7271-4617-BD46-99C8246779CA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "69FBB7A9-69E7-4E84-ABBF-3430FA4FB757", versionEndIncluding: "11.6.4", versionStartIncluding: "11.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5AD67D31-7FB8-4A3F-915D-385617E21428", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:13.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8C4E5F36-434B-48E1-9715-4EEC22FB23D1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "9970DEE7-9ED1-496F-A5DD-D41A0E13968E", versionEndIncluding: "11.6.4", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "2620230F-1D8D-423D-953E-9EEF934C56DD", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:13.0.0:*:*:*:*:*:*:*", matchCriteriaId: "34D75E7F-B65F-421D-92EE-6B20756019C2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D1488BC3-CBE9-4944-8573-D7EBE36713B8", versionEndIncluding: "11.6.4", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "17D2F203-B830-42E5-AE54-17453F72A45D", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:13.0.0:*:*:*:*:*:*:*", matchCriteriaId: "BCF89E7C-806E-4800-BAA9-0225433B6C56", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "79157FB3-C12D-4E05-81A3-776381822B2F", versionEndIncluding: "11.6.4", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "283155E5-EEAB-4E05-A0E7-B9C5077A5029", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:13.0.0:*:*:*:*:*:*:*", matchCriteriaId: "7569977A-E567-4115-B00C-4B0CBA86582E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "E90D8985-EDE3-4613-9B4A-E3929D1D3721", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:13.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F2F72B2-84F2-4FA2-9B53-E98344235EB6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "C8942D9D-8E3A-4876-8E93-ED8D201FF546", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3A3BBF17-573E-430A-86CB-A9A2A47940E3", versionEndIncluding: "11.6.4", versionStartIncluding: "11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "BEB08984-6E30-41C0-B283-66D2AAE1E8B7", versionEndIncluding: "11.6.4", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "72ED4B6A-EC5B-400E-88B7-6C986FC5BC4F", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:13.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E2C4414E-8016-48B5-8CC3-F97FF2D85922", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E859BDBF-D0E7-4621-83F3-4079EEB111BC", versionEndIncluding: "11.6.4", versionStartIncluding: "11.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "37257612-FAA4-4004-A4D3-4624F06F0615", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:13.0.0:*:*:*:*:*:*:*", matchCriteriaId: "42821916-E601-4831-B37B-3202ACF2C562", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "96B6E81C-8DCA-4560-ABD7-8FB73FBE3824", versionEndIncluding: "11.4.1", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "68BC025A-D45E-45FB-A4E4-1C89320B5BBE", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "7C75978B-566B-4353-8716-099CB8790EE0", versionEndIncluding: "11.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "C9768142-C554-44DE-B8D5-45CB51E3C34C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "24AEF0B2-7C8C-432C-A840-C2441A70343F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "8C8BF865-BA45-4711-829F-EC8E5EA22D2F", versionEndIncluding: "4.5.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E21D6206-4716-47FE-A733-F18343656E94", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*", matchCriteriaId: "3BC0EAFD-DA5E-4A1B-81CB-0D5A964F9EB6", versionEndIncluding: "4.5.0", versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*", matchCriteriaId: "6B3E56EB-202A-4F58-8E94-B2DDA1693498", versionEndIncluding: "4.5.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:enterprise_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "482E630B-93A1-4B9B-8273-821C116ADC4F", versionEndIncluding: "3.1.1", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests.", }, { lang: "es", value: "racoon/gssapi.c en IPsec-Tools 0.8.2 permite a atacantes remotos causar una denegación de servicios (referencia a puntero nulo y caída de demonio IKE) a través de una serie de solicitudes UDP manipuladas.", }, ], id: "CVE-2015-4047", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2015-05-29T15:59:19.030", references: [ { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2015/May/81", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2015/May/83", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3272", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2015/05/20/1", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2015/05/21/11", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/74739", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032397", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2623-1", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K05013313", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.altsci.com/ipsec/ipsec-tools-sa.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159482.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159549.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/131992/IPsec-Tools-0.8.2-Denial-Of-Service.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2015/May/81", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/fulldisclosure/2015/May/83", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2015/dsa-3272", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2015/05/20/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2015/05/21/11", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/74739", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1032397", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2623-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://support.f5.com/csp/article/K05013313", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://www.altsci.com/ipsec/ipsec-tools-sa.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-476", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-05-13 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "ABF47456-CCA0-4817-9AEF-631DC152174E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "FB5F9107-549C-40EF-B355-C7E93A979CDD", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "B1A1C200-30B2-4B38-BC74-D11E54530A96", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1C0312FC-8178-46DE-B4EE-00F2895073BA", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "BC6C5628-14FF-4D75-B62E-D4B2707C1E3D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "C9E574F6-34B6-45A6-911D-E5347DA22F69", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "BCF94129-8779-4D68-8DD4-B828CA633746", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CFA77C6B-72DB-4D57-87CF-11F2C7EDB828", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "8D94751C-A340-4DE7-821A-5143FA0011E4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "EC69B41E-C22D-48D2-8609-60C018F1F48D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "270EEBF6-46FA-48FC-BEC9-9C0838A86BB4", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "93310708-E1FE-445A-BB1F-7D1F553AEC65", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1AD2C1D2-103E-4B0F-84AA-999F01E695F0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "855E91A4-0A0C-4E5C-8019-FB513A793803", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "FCCC2092-E109-4FF6-9B85-6C9434269851", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "8923BB93-96C1-417B-9172-4A81E731EBA2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "475F0EF8-42CB-4099-9C4A-390F946C4924", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "62B0A70A-D101-443E-A543-5EC35E23D66F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "C4CB61D3-DF59-4EE0-A0F0-5899850496B9", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "FF646EF0-56C8-492E-A78D-B00ECAA8D851", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "0D42B922-A5F7-41FC-A361-BA0E065B5B00", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "13E6D2CA-CC4F-4317-A842-4DF0693B0CB6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AB017D7A-3290-4EF5-9647-B488771A5F32", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "4F316C54-FAE4-48D8-9E40-ED358C30BF24", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "AC0F5FD3-45E7-4D55-A3AC-6572FC0682D0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "5CDEC701-DAB3-4D92-AA67-B886E6693E46", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E90C12AF-44BA-44A2-89ED-0C2497EEC8A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "7507BDFF-5B52-4A06-9F8C-2B6F3958162A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "6E0141FA-44E9-460E-B175-29A7FA251301", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "8DD27EF7-3329-4009-959F-D2E4D5935E57", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "3755740D-F1DC-4910-ADDD-9D491515201C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "EA244A7D-F65D-4114-81C8-CE811959EA10", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "5EA9F72C-8344-4370-B511-31BEC8BA63E8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "96CF015E-C74B-4215-9103-8087BC1D12AB", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B276E4DF-69FC-4158-B93A-781A45605034", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "532AAF54-64EF-4852-B4F1-D5E660463704", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "52CD200C-1D14-471F-93C1-027CC676C26C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4D1850CE-D20D-4677-8CF2-1DB3A4EB33F2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "0A70B1E2-0B3D-4DE9-8ED9-777F73D0B750", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A7D226F1-6513-4233-BE20-58D7AB24978F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "B33B2082-E040-4799-A260-BA687ED8614E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "A85766A4-2181-4719-ADCF-4FEA0031DB80", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "D2E93EE3-DB73-468E-87CA-4D277F283648", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B70D2BD5-8E3F-4B57-84EF-3AF40F6378F1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D0EDB8E9-E6FB-406E-B1D3-C620F114804C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "7507BDFF-5B52-4A06-9F8C-2B6F3958162A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "6E0141FA-44E9-460E-B175-29A7FA251301", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "8DD27EF7-3329-4009-959F-D2E4D5935E57", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "3755740D-F1DC-4910-ADDD-9D491515201C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "EA244A7D-F65D-4114-81C8-CE811959EA10", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "5EA9F72C-8344-4370-B511-31BEC8BA63E8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "96CF015E-C74B-4215-9103-8087BC1D12AB", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B276E4DF-69FC-4158-B93A-781A45605034", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "532AAF54-64EF-4852-B4F1-D5E660463704", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "17C28542-51A4-4464-ADF9-C6376F829F4A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "584853F9-644F-40B2-A28F-1CE9B51F84F6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "DFE665CF-A633-474E-9519-D20E3D3958CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_device:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "EBA4FC82-F8FB-4F11-94DA-12D280A18E3D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0303BEA3-02EB-4F7C-96C5-29E231832CEA", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "27CAD4CD-9228-4DE5-A333-2862AC18F24B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "283BF2C8-BED6-4FB5-91C0-E53F338F3AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D98BEE39-FD68-49FC-A2A2-8926FFA4BF51", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0003813A-C1A8-4ED1-A04C-7AE961E7FA22", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "DEC1A702-0CCB-48F9-A42E-D8C756DD9D76", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_application_delivery_controller:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "222B4DE7-1D3D-40DF-A9EB-EFABDA8FAEA6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "96673865-3D37-4562-831E-3ACE9DFB471E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A49B1D82-3EC2-4E20-8FF5-58248905E964", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "7E4CC3E0-F9B8-433F-A2B0-2306144F9B6A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8993275-E17E-4A69-8D95-A8229E0E88D6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0594DBC5-8470-416C-A5EA-E04F5AB2C799", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "B50BF19F-71B4-47C0-A96E-6EB90FCC6AE7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "BD3A3BA6-6F60-45CA-8F52-687B671B077A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "202B6870-718C-4F8D-9BAB-7ED6385BF2A7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "D7D7863D-B064-4D7A-A66B-C3D3523425FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.0:*:*:*:*:*:*:*", matchCriteriaId: "A9F443F1-C43F-42AD-98E4-AE11C72F363E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "624EFAEB-15C2-422F-BAD1-D0BC37878349", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "76C1525D-46DE-4362-BBAD-095BBF718990", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "259C05BB-6349-4005-9372-21623DC5002D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "E5D27D4A-BD5C-4FA9-AA72-F7956298DE06", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "12F86EB5-D581-4103-A802-44D968BA8D55", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "36F383ED-8CB5-400D-BFDB-BD5B8CD8C7AE", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "E6203A11-82C3-4ABA-94E9-085BFF1A0E4C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "2FF5A5F6-4BA3-4276-8679-B5560EACF2E0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E21D6206-4716-47FE-A733-F18343656E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D88F8F3B-DD8B-4BB3-BB68-C43583318400", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F677AF16-146D-41A5-ABF3-56DB9C0D6CA6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "CE13DA9F-8460-430E-B939-BF17A7D37A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "70A04EB1-0C2C-4FC0-9E4D-05AFE65503D7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "CF93E82F-D38C-4D4D-99EB-E334EE163C4E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A3471D34-A76C-498A-8C45-1553A579A88B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "24AEF0B2-7C8C-432C-A840-C2441A70343F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_device:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "EBA4FC82-F8FB-4F11-94DA-12D280A18E3D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "CB5D327F-4233-45CE-A557-F7BA717AF057", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "99E5F378-E93E-45F6-A445-F2DAB5C423F7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A9538F63-3DC9-42CC-87D5-3CA048AE52A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3CA52816-C4B7-4B1E-A950-EE9B571CB06B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "F2AA5127-5314-4026-905D-937B7B62473F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "09E42DAA-700D-487C-9238-F7F3D75A8C1A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1B6EA0C0-9C26-4A87-98F1-5B317D606ECB", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "4D379372-A226-4230-B1F3-04C696518BD8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "22FAC35D-2803-49B0-9382-F14594B88FC5", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "3C72257B-FF99-4707-A0E3-316D538B1CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "23FF9627-E561-4CF7-A685-6E33D2F6C98C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "524B2D05-508C-47FF-94A0-6CC42060E638", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "974C5213-99F7-4E8A-AC6A-8759697F19C4", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "E288D50B-7EFA-4FC8-938B-EE3765FFA24D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0E3D8A24-0B8D-432B-8F06-D0E1642E7C1C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "A4489382-0668-4CFB-BA89-D54762937CEE", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "9850D0AA-B173-47B2-9B69-75E6D1FAF490", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "281D0B5B-27DF-4E8A-AFC9-D09468F8ECDF", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B40837-EC2B-41FB-ACC3-806054EAF28C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3CA2FA6B-3930-432F-8FB5-E73604CEFE42", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_enterprise_manager:3.0.0:*:*:*:*:*:*:*", matchCriteriaId: "13753E9F-11AA-41F4-930E-BD9866D03396", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_enterprise_manager:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "8D04FC0C-5E44-4DAD-9542-C772EA35916C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_enterprise_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "ADE47FF9-E13D-41D3-BEA2-EF1B973CB0A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "96673865-3D37-4562-831E-3ACE9DFB471E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "200A9CE9-E56D-4EFA-AC8A-954F945DDDBB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP DNS 12.x before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP PSM 11.3.x and 11.4.x before 11.4.1 HF10; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 on the 3900, 6900, 8900, 8950, 11000, 11050, PB100 and PB200 platforms, when software SYN cookies are configured on virtual servers, allow remote attackers to cause a denial of service (High-Speed Bridge hang) via an invalid TCP segment.", }, { lang: "es", value: "F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller y PEM 11.3.x, 11.4.x en versiones anteriores a 11.4.1 HF10, 11.5.x en versiones anteriores a 11.5.4, 11.6.x en versiones anteriores a 11.6.1 y 12.x en versiones anteriores a 12.0.0 HF1; BIG-IP AAM 11.4.x en versiones anteriores a 11.4.1 HF10, 11.5.x en versiones anteriores a 11.5.4, 11.6.x en versiones anteriores a 11.6.1 y 12.x en versiones anteriores a 12.0.0 HF1; BIG-IP DNS 12.x en versiones anteriores a 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator y WOM 11.3.0; BIG-IP GTM 11.3.x, 11.4.x en versiones anteriores a 11.4.1 HF10, 11.5.x en versiones anteriores a 11.5.4 y 11.6.x en versiones anteriores a 11.6.1; BIG-IP PSM 11.3.x y 11.4.x en versiones anteriores a 11.4.1 HF10; Enterprise Manager 3.0.0 hasta la versión 3.1.1; BIG-IQ Cloud and BIG-IQ Security 4.0.0 hasta la versión 4.5.0; BIG-IQ Device 4.2.0 hasta la versión 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; y BIG-IQ Cloud and Orchestration 1.0.0 en las plataformas 3900, 6900, 8900, 8950, 11000, 11050, PB100 y PB200, cuando las cookies del sofware SYN están configuradas en servidores virtuales, permite a atacantes remotos provocar una denegación de servicio (cuelgue de High-Speed Bridge) a través de un segmento TCP no válido.", }, ], id: "CVE-2015-8099", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-05-13T16:59:05.873", references: [ { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1035873", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1035874", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035873", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1035874", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/35/sol35358312.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-07-19 14:29
Modified
2024-11-21 04:09
Severity ?
Summary
On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | http://www.securityfocus.com/bid/104920 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | http://www.securitytracker.com/id/1041340 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | http://www.securitytracker.com/id/1041341 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K82038789 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104920 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041340 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041341 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K82038789 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "B719583F-D2FE-4F29-9FC2-613F979737E6", versionEndIncluding: "11.5.6", versionStartIncluding: "11.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "A17594BD-C3CF-441F-82E3-FB98A0606845", versionEndIncluding: "11.6.3.1", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "D4592661-3ADE-447E-90E9-8B02B9FFC952", versionEndIncluding: "12.1.3.3", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "332B12F5-543D-450C-AEED-19BECC56CF13", versionEndIncluding: "13.0.1", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B9F34B4F-BA2F-45D9-B2EB-B9196BD6CDF7", versionEndIncluding: "11.5.6", versionStartIncluding: "11.5.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EC942249-E5D9-4CB1-A6D4-40333C20F561", versionEndIncluding: "11.6.3.1", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A26916E3-9C93-4BB1-BF28-3D1C6BBA78BE", versionEndIncluding: "12.1.3.3", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5A2564C2-BD67-4DDE-A122-74F7E6C22318", versionEndIncluding: "13.0.1", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "D5F5FEE7-059A-4A9B-BCCD-18F0AA435040", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "311994A3-8C3E-46C2-A971-7100DFBD82D9", versionEndIncluding: "5.1.0", versionStartIncluding: "5.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E21D6206-4716-47FE-A733-F18343656E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:f5_iworkflow:*:*:*:*:*:*:*:*", matchCriteriaId: "698761C4-9108-4EF9-81C1-4886E09D2211", versionEndIncluding: "2.3.0", versionStartIncluding: "2.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0 the big3d process does not irrevocably minimize group privileges at start up.", }, { lang: "es", value: "En F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1 o 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0 o F5 iWorkflow 2.1.0-2.3.0, el proceso big3d no no minimiza irrevocablemente los privilegios de grupo al arranque.", }, ], id: "CVE-2018-5540", lastModified: "2024-11-21T04:09:01.897", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:L/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-07-19T14:29:00.730", references: [ { source: "f5sirt@f5.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104920", }, { source: "f5sirt@f5.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041340", }, { source: "f5sirt@f5.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041341", }, { source: "f5sirt@f5.com", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K82038789", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/104920", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041340", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1041341", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K82038789", }, ], sourceIdentifier: "f5sirt@f5.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-01-08 01:15
Modified
2024-11-21 02:11
Severity ?
Summary
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ntp:ntp:4.2.7:p25:*:*:*:*:*:*", matchCriteriaId: "FE315238-7191-4A2E-A3C6-2162BE589C78", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "40267CF4-9AC8-48ED-9DD4-7F947045AE9C", versionEndIncluding: "10.2.4", versionStartIncluding: "10.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "699BDE7D-B02D-41A8-BD2C-936B54107616", versionEndIncluding: "11.6.4", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "17D2F203-B830-42E5-AE54-17453F72A45D", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1331467F-B278-485E-AD91-7D0643C2F3DB", versionEndIncluding: "13.1.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "FB630A86-FB84-4199-9E4D-38EB620806CB", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "C046FBE7-DCCD-40FE-AC1F-4DAD11D2E0AC", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3E695F85-F170-4FD4-819E-7DAF31662BF4", versionEndIncluding: "11.6.4", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5AD67D31-7FB8-4A3F-915D-385617E21428", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E866C4E5-D739-4352-9B6D-9753B4C78A24", versionEndIncluding: "13.1.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "720A06E3-441B-4D51-8FC0-D569DD7FEB10", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6FF1C75A-F753-40CB-9E26-DA6D31931DDC", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "9C7CC5A1-6E7B-48BE-9E0A-0D1E51FCEA3D", versionEndIncluding: "11.6.4", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "2620230F-1D8D-423D-953E-9EEF934C56DD", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "42D16634-442B-4674-B11E-6748D28764BD", versionEndIncluding: "13.1.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "713EB3E7-A657-4F6A-901D-618AF660CBBC", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "867B2CA9-DAE5-4070-B8E6-F624C59F5054", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EACA0835-51AD-4AC0-8C87-5564F3A821CD", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "55C26031-A354-4E19-A1C3-415336B2E7C5", versionEndIncluding: "11.6.4", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3B9AF8FC-B730-428D-B317-86ABEF924299", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1D91EC11-DD9A-434B-9EB4-14AA0E977D8D", versionEndIncluding: "13.1.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D2833083-97E9-4B3C-8E6B-BCAC1851D148", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B8C7C45A-CC14-4092-903C-3001986D2859", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "BFC01B17-9BC3-425F-8187-5AE7B0AAC227", versionEndIncluding: "10.2.4", versionStartIncluding: "10.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5DD8FE5B-DA42-41F3-AF57-2DB6C0C70661", versionEndIncluding: "11.6.4", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "283155E5-EEAB-4E05-A0E7-B9C5077A5029", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E697E4FD-1882-4BF8-9B9F-FB7DFD19497B", versionEndIncluding: "13.1.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6434ED4F-0BA2-445A-B6E9-D3E301EE3930", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "A635FEC4-4F52-4971-A67D-47E68108E4F4", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "2C2A9F32-FF72-44AA-AA1A-5B09E8E57E24", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "E90D8985-EDE3-4613-9B4A-E3929D1D3721", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "394DF290-9328-4FAD-B04E-61F62B916148", versionEndIncluding: "13.1.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "AEC2164D-11D0-4DCD-B814-6AB185C3BADF", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "AA4AE425-1D86-4DB9-8B8F-74C6678BD528", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "5F8F3686-2C9F-4EB1-973D-FBBC6401744F", versionEndIncluding: "10.2.4", versionStartIncluding: "10.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "3136A8D1-3D0D-46B3-9A3A-737074864F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "94BB8ADB-C47F-451D-8431-BAE51137C0D8", versionEndIncluding: "10.2.4", versionStartIncluding: "10.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B1456F84-12B3-462C-A007-262680AA114B", versionEndIncluding: "11.6.4", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "84452450-77FA-4708-9C86-5464D541C8ED", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "68FBFE46-BCFB-4337-8990-9E92C5C0647E", versionEndIncluding: "10.2.4", versionStartIncluding: "10.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "9071FCDD-36CE-49F2-9CB1-4495BF852F5B", versionEndIncluding: "11.6.4", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "72ED4B6A-EC5B-400E-88B7-6C986FC5BC4F", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "68E2840B-96F4-4437-91D1-4AFE99E54D6A", versionEndIncluding: "13.1.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "09C950E6-BF12-43D4-9125-AD9D90EDD67A", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2DD53088-3BD4-4AF9-8934-4905231A75E8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "1A99DC2F-BFC7-4FEA-87DF-5E9DF428F2D3", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EC944480-C2AD-4338-871D-02DE26B3E80A", versionEndIncluding: "10.2.4", versionStartIncluding: "10.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "534529CB-53EF-4ABB-A220-6B42DB5A69DC", versionEndIncluding: "11.6.4", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1A2670B3-1A96-4E72-A316-0AF826E8EC8B", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B83479FA-82FB-4F71-9B98-E683745DB49E", versionEndIncluding: "13.1.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D17CC587-3325-4D95-BE63-B948C63B411D", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F9EA336A-8055-4DA8-8F79-07C4ADE83E32", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "6FB6D7D8-2688-48A2-8E3E-341881EF0B4C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A75EC568-E2B5-4F4E-AECC-44EA39A7EA21", versionEndIncluding: "11.6.4", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "37257612-FAA4-4004-A4D3-4624F06F0615", versionEndIncluding: "12.1.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "15F4D416-10F4-4C08-A25D-0795F7FE0FBE", versionEndIncluding: "13.1.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9AD3B4BB-7F5C-4565-9345-2D4895630AAD", versionEndIncluding: "14.1.0", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*", matchCriteriaId: "B872A0D5-9B23-40F2-8AAB-253A4F406D18", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "C31E9AFD-27D1-47C4-A577-20BF6B42A1CA", versionEndIncluding: "10.2.4", versionStartIncluding: "10.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "041CE71A-50D1-44E6-B683-CD7F89C51893", versionEndIncluding: "11.4.1", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B84923CD-9BC8-4241-82A3-5848333FFEB7", versionEndIncluding: "10.2.4", versionStartIncluding: "10.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "7FBA20ED-08F5-4C35-991A-0DBC6BEAECC7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "1A35703D-1BE0-459B-BDF0-08FB7C36A17E", versionEndIncluding: "10.2.4", versionStartIncluding: "10.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "FF7FCC81-2F1D-4EF5-956B-085FB7FEFAE7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "C9768142-C554-44DE-B8D5-45CB51E3C34C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "559900D6-7E43-4D2F-9167-BDB04DD5D0DB", versionEndIncluding: "5.4.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "F37D18F2-8C6A-4557-85DC-2A751595423C", versionEndIncluding: "6.1.0", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "24AEF0B2-7C8C-432C-A840-C2441A70343F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "8C8BF865-BA45-4711-829F-EC8E5EA22D2F", versionEndIncluding: "4.5.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E21D6206-4716-47FE-A733-F18343656E94", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*", matchCriteriaId: "3BC0EAFD-DA5E-4A1B-81CB-0D5A964F9EB6", versionEndIncluding: "4.5.0", versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*", matchCriteriaId: "6B3E56EB-202A-4F58-8E94-B2DDA1693498", versionEndIncluding: "4.5.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "D5F5FEE7-059A-4A9B-BCCD-18F0AA435040", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:iworkflow:*:*:*:*:*:*:*:*", matchCriteriaId: "8FD83CC2-44E9-43F2-A9EF-E6A0C9C6E261", versionEndIncluding: "2.3.0", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:mobilesafe:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "EBA70E87-466F-4B68-BFA1-C33FCEEE9FEC", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:websafe:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "AE8D2705-DD84-4F26-94E1-4E6644556A98", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.", }, { lang: "es", value: "Existe una vulnerabilidad de Divulgación de Información en los mensajes privados (modo 6/7) de NTP versión 4.2.7p25 por medio de un mensaje de control GET_RESTRICT, que podría permitir a un usuario malicioso obtener información confidencial.", }, ], id: "CVE-2014-5209", lastModified: "2024-11-21T02:11:37.840", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-01-08T01:15:09.547", references: [ { source: "cret@cert.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841", }, { source: "cret@cert.org", url: "https://support.f5.com/csp/article/K44942017", }, { source: "cret@cert.org", url: "https://support.f5.com/csp/article/K44942017", }, { source: "cret@cert.org", url: "https://support.f5.com/csp/article/K44942017?utm_source=f5support&%3Butm_medium=RSS", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/95841", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K44942017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K44942017", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.f5.com/csp/article/K44942017?utm_source=f5support&%3Butm_medium=RSS", }, ], sourceIdentifier: "cret@cert.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-31 14:29
Modified
2024-11-21 03:50
Severity ?
Summary
When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | https://support.f5.com/csp/article/K01067037 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K01067037 | Mitigation, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C0740491-CFC6-4D53-A39F-3244710282D0", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1F9094D4-087E-45D8-AD7B-A2FA1BF1E2F8", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D746D9C6-28DE-4170-9F08-16C58F160752", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EFECB54D-C240-495E-A97B-6694BB992C9D", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B3A526B1-EB66-497F-B8B5-45205781B323", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "88880F08-386C-4BC3-952D-DD1665D8B1EB", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "41D7E35D-EAC4-4D00-BB52-19414EEDD286", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D8478F27-F451-4C94-9D45-9FCF30B6EB84", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B6F24FC1-B549-48F9-AF0E-AB441E5EE4B4", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9032E773-CAB2-4108-A86B-04A8383663BE", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C47559FB-EC85-4A3A-B967-0BD37934B33D", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "40C7F0AE-F55C-42D9-A6EF-1A0D53FFD4DE", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "17F63A24-36A9-4C90-B73B-131A5658C4C1", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "CE608E62-F3E2-405C-8239-760A7C1E1527", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "51218200-4536-4ED9-AA9A-301E2B30B829", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "B3EDF519-7610-4223-BBD7-B75438ACD8B2", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "39C62474-8F2E-4394-8B9E-FB06F8CE95C4", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "CCA46825-0425-4C7D-B846-05E6D4081F51", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "05456A39-5301-421B-853A-4651E1B13DE8", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "224F2348-19DC-4242-8A1E-5F5BDCB86B9C", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D1C0F266-7321-4BBC-B5C6-8D25DCC1715F", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "76F51999-6742-445C-936B-C2873C5F27CB", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8A537300-3211-4136-89C7-B99AD4F13B8C", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9F921FE3-B481-4552-AE7C-FEE05DB6D301", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E021297A-FD19-446B-B526-7516503B6D24", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "28DE49F7-E999-4D3F-8767-A2C3615DF780", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "21A5DC79-66A0-4195-9A19-42FD2B5D7941", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "897F4A4D-D2E2-4171-8ECA-7E981034DE16", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "84F95F43-BF52-423E-9B1A-55D6B7262A57", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "DC852AA9-7C30-44D8-A964-07DF817A4FF2", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "8ABCEA29-0EDF-4D41-BB61-F2C293A5A2E2", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "FB32AD06-69AF-4289-B854-ED9141E76582", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "31C5842B-0261-4CDB-888E-329FF7D73108", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "7B73F018-4FAD-48B3-9806-FC827787E323", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "9D11EBE7-741F-4585-962F-99EAA29C1F0E", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "55366FD7-D7BA-4D36-AC5D-1B822940842F", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "D63E2912-58B9-4541-8E5D-993F73AB74F1", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "FC818DB1-C85A-47A3-ABE2-0FFCD7AC3E40", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "11876D9C-0082-454A-8254-B5FD74E87719", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "57F6C963-A1BF-4579-9345-D0207269577A", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "8C050740-2FD3-474D-A09A-C122F031342F", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "C21FA11D-0C58-4DF7-85E0-5E8E7B1F14A8", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "ADB7193B-3BEF-4920-9893-FF196E785850", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "2680D4AD-CCD0-4964-8D8F-CF1FCDA2BEC3", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "DC6B989A-BA55-47F5-8269-D9FA435ECC29", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2FC80682-E373-4508-A297-EA19BF62BABA", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "42E368FA-5A85-428E-B63D-FD027CD46E8E", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2E5B875A-ACFE-4C98-B6C4-5A6262C09E23", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A00660C1-7A1C-42CF-A829-503DC2EC08E0", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "F534EADF-DA49-4EDD-97F8-C4046E890D8B", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "9EBEBCB3-AF9E-4049-980D-E87B756D6D51", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "34EC5593-4293-4D2A-A110-25D371F3E281", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "1ED25E87-39BC-4D15-B37A-FCBE97F7D3D2", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "49F45207-07ED-4DF8-ABDA-4AD3E9CA26D1", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "D0233F1B-2DDB-4B01-A549-E76C18BBC3F1", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B885F0E9-8019-4053-AAAA-2C136D55FB71", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6217D65D-B15B-426B-8692-BA461BB57663", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "56181224-56D4-43BE-A296-52DF599A2BD5", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1D43A55D-E9D4-45A3-8B41-B4B22BE4A536", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "90DBE74F-6E43-448F-9479-8FD75D5DCC22", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "D655B3FF-5173-4850-B94C-B864E2115D95", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "91F78D2C-DC7C-4B1C-AB44-3CB810240D42", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "6355263D-8407-466D-BB71-CB6316EDC668", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "D9479031-90AA-4C1D-B14C-CDFFBC99CCDE", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "E6ADE585-616C-4B40-A40C-EE97A8FAC653", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "D5F5FEE7-059A-4A9B-BCCD-18F0AA435040", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "559900D6-7E43-4D2F-9167-BDB04DD5D0DB", versionEndIncluding: "5.4.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "24AEF0B2-7C8C-432C-A840-C2441A70343F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E21D6206-4716-47FE-A733-F18343656E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:iworkflow:*:*:*:*:*:*:*:*", matchCriteriaId: "592FAA61-E5DE-4619-8B55-3BFE260CEEA8", versionEndIncluding: "2.3.0", versionStartIncluding: "2.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "When BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.1.0-2.3.0, or Enterprise Manager 3.1.1 is licensed for Appliance Mode, Admin and Resource administrator roles can by-pass BIG-IP Appliance Mode restrictions to overwrite critical system files. Attackers of high privilege level are able to overwrite critical system files which bypasses security controls in place to limit TMSH commands. This is possible with an administrator or resource administrator roles when granted TMSH. Resource administrator roles must have TMSH access in order to perform this attack.", }, { lang: "es", value: "Cuando BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2 o 11.2.1-11.5.6; BIG-IQ Centralized Management 5.0.0-5.4.0 o 4.6.0; BIG-IQ Cloud and Orchestration 1.0.0; iWorkflow 2.1.0-2.3.0 o Enterprise Manager 3.1.1 está licenciado para el modo Appliance, los roles de administrador Admin y Resource pueden omitir las restricciones del modo Appliance de BIG-IP para sobrescribir archivos críticos del sistema. Los atacantes con nivel alto de privilegios pueden sobrescribir archivos críticos del sistema, lo que omite los controles de seguridad existentes para limitar los comandos TMSH. Esto es posible con roles de administrador o administrador de recursos cuando se otorga TMSH. Los roles de administrador de recursos deben tener acceso TMSH para realizar este ataque.", }, ], id: "CVE-2018-15321", lastModified: "2024-11-21T03:50:33.440", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 5.5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-31T14:29:00.470", references: [ { source: "f5sirt@f5.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K01067037", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K01067037", }, ], sourceIdentifier: "f5sirt@f5.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-269", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-05-07 10:55
Modified
2025-04-12 10:46
Severity ?
Summary
The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the "LECHO & !OPOST" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.
References
Impacted products
{ cisaActionDue: "2023-06-02", cisaExploitAdd: "2023-05-12", cisaRequiredAction: "The impacted product is end-of-life and should be disconnected if still in use.", cisaVulnerabilityName: "Linux Kernel Race Condition Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "FFDB0B31-FFF7-471B-9352-29099002BED7", versionEndExcluding: "3.2.59", versionStartExcluding: "2.6.31", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "992BFD6A-701C-4412-9220-F6C77B4E64F3", versionEndExcluding: "3.4.91", versionStartIncluding: "3.3", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "287DC65B-A513-4FB9-A1CF-69F428030DF8", versionEndExcluding: "3.10.40", versionStartIncluding: "3.5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "D82F8C94-5FA7-4A7A-8855-ECF21B3BBD42", versionEndExcluding: "3.12.20", versionStartIncluding: "3.11", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", matchCriteriaId: "9996644C-371E-49B9-A494-733B1EA513EC", versionEndExcluding: "3.14.4", versionStartIncluding: "3.13", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.6.31:-:*:*:*:*:*:*", matchCriteriaId: "2887290A-1B43-4DB9-A9D0-B0B56CD78E48", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*", matchCriteriaId: "A2507858-675B-4DA2-A49E-00DB54700CF3", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*", matchCriteriaId: "0A25EA55-3F1C-440C-A383-0BB9556C9508", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*", matchCriteriaId: "B2665356-4EF5-4543-AD15-67FDB851DCCD", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*", matchCriteriaId: "26E7609B-B058-496D-ACDD-7F69FBDE89E5", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.6.31:rc7:*:*:*:*:*:*", matchCriteriaId: "210BF049-8B3C-4ACC-BF8E-2C3551477602", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.6.31:rc8:*:*:*:*:*:*", matchCriteriaId: "1837F32C-80D3-4E10-AE5D-E9F5A11A434E", vulnerable: true, }, { criteria: "cpe:2.3:o:linux:linux_kernel:2.6.31:rc9:*:*:*:*:*:*", matchCriteriaId: "4B4E132B-A69A-4CD1-B4D9-E17C4361A3AC", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "036E8A89-7A16-411F-9D31-676313BB7244", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", matchCriteriaId: "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*", matchCriteriaId: "8382A145-CDD9-437E-9DE7-A349956778B3", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*", matchCriteriaId: "8A8E07B7-3739-4BEB-88F8-C7F62431E889", vulnerable: true, }, { criteria: "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.3:*:*:*:*:*:*:*", matchCriteriaId: "413CC30E-5FFE-47A4-B38B-80E3A9B13238", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_desktop:11:sp3:*:*:*:-:*:*", matchCriteriaId: "DD41513F-36F9-459C-A0CB-26C025E63CDD", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_high_availability_extension:11:sp3:*:*:*:*:*:*", matchCriteriaId: "B39F3060-6F9E-4F20-8924-FEF5ED8A30CD", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:-:*:*", matchCriteriaId: "B2866FAF-4340-4EA7-9009-6594ADA27AF9", vulnerable: true, }, { criteria: "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:vmware:*:*", matchCriteriaId: "0EA03350-8702-43D5-8605-5FB765A3F60B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:oracle:linux:6:-:*:*:*:*:*:*", matchCriteriaId: "D7B037A8-72A6-4DFF-94B2-D688A5F6F876", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*", matchCriteriaId: "01EDA41C-6B2E-49AF-B503-EB3882265C11", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", matchCriteriaId: "8D305F7A-D159-4716-AB26-5E38BB5CD991", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", matchCriteriaId: "7F61F047-129C-41A6-8A27-FFCBB8563E91", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", matchCriteriaId: "815D70A8-47D3-459C-A32C-9FEACA0659D1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8F315708-017C-4362-9C09-6774F89D9370", versionEndIncluding: "11.5.1", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "48BBEF73-E87D-467F-85EB-47BE212DF0E8", versionEndIncluding: "11.5.1", versionStartIncluding: "11.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "A430FFB4-418C-43DA-8E17-020618A77A56", versionEndIncluding: "11.5.1", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C483253F-841E-4D4E-9B4A-932E9D07268B", versionEndIncluding: "11.5.1", versionStartIncluding: "11.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "7A0CC74C-6914-4A6F-A1CE-65A695AE31F6", versionEndIncluding: "11.5.1", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "9FF30167-0241-4136-82F8-2D2FB545C19A", versionEndIncluding: "11.3.0", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "54A45725-FECD-4CA9-BFA4-E13FCDFDDF13", versionEndIncluding: "11.5.1", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "8C596B3F-9D93-49D2-99D7-D590CC9AEAA5", versionEndIncluding: "11.5.1", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D8696A6B-1B56-43B5-A506-21E17735B9CA", versionEndIncluding: "11.5.1", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E9A06D61-E6CB-4A8A-B06D-9FEA1812C167", versionEndIncluding: "11.5.1", versionStartIncluding: "11.3.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "8C666A18-9DED-4B49-92DE-474403FC17BF", versionEndIncluding: "11.4.1", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A6B52D60-38DB-4BE9-91F4-B6553F5E5A93", versionEndIncluding: "11.3.0", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "E1E3204F-9464-4AC3-819B-D1A6B399FAE3", versionEndIncluding: "11.3.0", versionStartIncluding: "11.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_application_delivery_controller:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "222B4DE7-1D3D-40DF-A9EB-EFABDA8FAEA6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "24AEF0B2-7C8C-432C-A840-C2441A70343F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:*:*:*:*:*:*:*:*", matchCriteriaId: "8C8BF865-BA45-4711-829F-EC8E5EA22D2F", versionEndIncluding: "4.5.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E21D6206-4716-47FE-A733-F18343656E94", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:*:*:*:*:*:*:*:*", matchCriteriaId: "3BC0EAFD-DA5E-4A1B-81CB-0D5A964F9EB6", versionEndIncluding: "4.5.0", versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:*:*:*:*:*:*:*:*", matchCriteriaId: "6B3E56EB-202A-4F58-8E94-B2DDA1693498", versionEndIncluding: "4.5.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:enterprise_manager:3.1.0:*:*:*:*:*:*:*", matchCriteriaId: "4C580F19-AF18-49EE-89FF-8C4F5C88314D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "D5F5FEE7-059A-4A9B-BCCD-18F0AA435040", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the \"LECHO & !OPOST\" case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings.", }, { lang: "es", value: "La función n_tty_write en drivers/tty/n_tty.c en el kernel de Linux hasta 3.14.3 no maneja debidamente acceso al controlador tty en el caso 'LECHO & !OPOST', lo que permite a usuarios locales causar una denegación de servicio (consumo de memoria y caída de sistema) o ganar privilegios mediante la provocación de una condición de carrera involucrando operaciones de lectura y escritura con cadenas largas.", }, ], id: "CVE-2014-0196", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2014-05-07T10:55:04.337", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Permissions Required", "Third Party Advisory", ], url: "http://bugzilla.novell.com/show_bug.cgi?id=875690", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-0771.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://pastebin.com/raw.php?i=yTSFUBgZ", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0512.html", }, { source: "secalert@redhat.com", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/59218", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59262", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59599", }, { source: "secalert@redhat.com", tags: [ "Not Applicable", ], url: "http://source.android.com/security/bulletin/2016-07-01.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-2926", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-2928", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.exploit-db.com/exploits/33516", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2014/05/05/6", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://www.osvdb.org/106646", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2196-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2197-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2198-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2199-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2200-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2201-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2202-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2203-1", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2204-1", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1094232", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Permissions Required", "Third Party Advisory", ], url: "http://bugzilla.novell.com/show_bug.cgi?id=875690", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4291086b1f081b869c6d79e5b7441633dc3ace00", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://linux.oracle.com/errata/ELSA-2014-0771.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00007.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00012.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mailing List", "Third Party Advisory", ], url: "http://pastebin.com/raw.php?i=yTSFUBgZ", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rhn.redhat.com/errata/RHSA-2014-0512.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://secunia.com/advisories/59218", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59262", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/59599", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://source.android.com/security/bulletin/2016-07-01.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15319.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-2926", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2014/dsa-2928", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "http://www.exploit-db.com/exploits/33516", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2014/05/05/6", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://www.osvdb.org/106646", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2196-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2197-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2198-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2199-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2200-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2201-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2202-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2203-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.ubuntu.com/usn/USN-2204-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1094232", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", "Third Party Advisory", ], url: "https://github.com/torvalds/linux/commit/4291086b1f081b869c6d79e5b7441633dc3ace00", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-362", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-362", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2018-10-31 14:29
Modified
2024-11-21 03:50
Severity ?
Summary
On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | https://support.f5.com/csp/article/K28003839 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K28003839 | Mitigation, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C0740491-CFC6-4D53-A39F-3244710282D0", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1F9094D4-087E-45D8-AD7B-A2FA1BF1E2F8", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D746D9C6-28DE-4170-9F08-16C58F160752", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "EFECB54D-C240-495E-A97B-6694BB992C9D", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B3A526B1-EB66-497F-B8B5-45205781B323", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "88880F08-386C-4BC3-952D-DD1665D8B1EB", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "41D7E35D-EAC4-4D00-BB52-19414EEDD286", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D8478F27-F451-4C94-9D45-9FCF30B6EB84", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B6F24FC1-B549-48F9-AF0E-AB441E5EE4B4", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9032E773-CAB2-4108-A86B-04A8383663BE", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "C47559FB-EC85-4A3A-B967-0BD37934B33D", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "40C7F0AE-F55C-42D9-A6EF-1A0D53FFD4DE", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "17F63A24-36A9-4C90-B73B-131A5658C4C1", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "CE608E62-F3E2-405C-8239-760A7C1E1527", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "51218200-4536-4ED9-AA9A-301E2B30B829", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "B3EDF519-7610-4223-BBD7-B75438ACD8B2", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "39C62474-8F2E-4394-8B9E-FB06F8CE95C4", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "CCA46825-0425-4C7D-B846-05E6D4081F51", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "05456A39-5301-421B-853A-4651E1B13DE8", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "224F2348-19DC-4242-8A1E-5F5BDCB86B9C", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "D1C0F266-7321-4BBC-B5C6-8D25DCC1715F", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "76F51999-6742-445C-936B-C2873C5F27CB", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "8A537300-3211-4136-89C7-B99AD4F13B8C", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9F921FE3-B481-4552-AE7C-FEE05DB6D301", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E021297A-FD19-446B-B526-7516503B6D24", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "28DE49F7-E999-4D3F-8767-A2C3615DF780", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "21A5DC79-66A0-4195-9A19-42FD2B5D7941", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "897F4A4D-D2E2-4171-8ECA-7E981034DE16", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "84F95F43-BF52-423E-9B1A-55D6B7262A57", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:*:*:*:*:*:*:*:*", matchCriteriaId: "DC852AA9-7C30-44D8-A964-07DF817A4FF2", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "8ABCEA29-0EDF-4D41-BB61-F2C293A5A2E2", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "FB32AD06-69AF-4289-B854-ED9141E76582", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "31C5842B-0261-4CDB-888E-329FF7D73108", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "7B73F018-4FAD-48B3-9806-FC827787E323", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "9D11EBE7-741F-4585-962F-99EAA29C1F0E", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "55366FD7-D7BA-4D36-AC5D-1B822940842F", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "D63E2912-58B9-4541-8E5D-993F73AB74F1", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "FC818DB1-C85A-47A3-ABE2-0FFCD7AC3E40", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "11876D9C-0082-454A-8254-B5FD74E87719", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "57F6C963-A1BF-4579-9345-D0207269577A", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "8C050740-2FD3-474D-A09A-C122F031342F", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "C21FA11D-0C58-4DF7-85E0-5E8E7B1F14A8", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "ADB7193B-3BEF-4920-9893-FF196E785850", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "2680D4AD-CCD0-4964-8D8F-CF1FCDA2BEC3", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", matchCriteriaId: "DC6B989A-BA55-47F5-8269-D9FA435ECC29", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2FC80682-E373-4508-A297-EA19BF62BABA", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "42E368FA-5A85-428E-B63D-FD027CD46E8E", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2E5B875A-ACFE-4C98-B6C4-5A6262C09E23", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "A00660C1-7A1C-42CF-A829-503DC2EC08E0", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "F534EADF-DA49-4EDD-97F8-C4046E890D8B", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "9EBEBCB3-AF9E-4049-980D-E87B756D6D51", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "34EC5593-4293-4D2A-A110-25D371F3E281", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "1ED25E87-39BC-4D15-B37A-FCBE97F7D3D2", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "49F45207-07ED-4DF8-ABDA-4AD3E9CA26D1", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "D0233F1B-2DDB-4B01-A549-E76C18BBC3F1", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "B885F0E9-8019-4053-AAAA-2C136D55FB71", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6217D65D-B15B-426B-8692-BA461BB57663", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "56181224-56D4-43BE-A296-52DF599A2BD5", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "1D43A55D-E9D4-45A3-8B41-B4B22BE4A536", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "90DBE74F-6E43-448F-9479-8FD75D5DCC22", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "D655B3FF-5173-4850-B94C-B864E2115D95", versionEndIncluding: "11.5.6", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "91F78D2C-DC7C-4B1C-AB44-3CB810240D42", versionEndIncluding: "11.6.3.2", versionStartIncluding: "11.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "6355263D-8407-466D-BB71-CB6316EDC668", versionEndIncluding: "12.1.3.5", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "D9479031-90AA-4C1D-B14C-CDFFBC99CCDE", versionEndIncluding: "13.1.0.7", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "E6ADE585-616C-4B40-A40C-EE97A8FAC653", versionEndIncluding: "14.0.0.2", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "D5F5FEE7-059A-4A9B-BCCD-18F0AA435040", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "559900D6-7E43-4D2F-9167-BDB04DD5D0DB", versionEndIncluding: "5.4.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "0AC93C0F-AA5B-4A2B-B205-26F65BCA6780", versionEndIncluding: "6.0.1", versionStartIncluding: "6.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "24AEF0B2-7C8C-432C-A840-C2441A70343F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E21D6206-4716-47FE-A733-F18343656E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:iworkflow:*:*:*:*:*:*:*:*", matchCriteriaId: "015D8D65-126B-4958-8EE2-291487AD4C9B", versionEndIncluding: "2.3.0", versionStartIncluding: "2.0.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may cause the BIG-IP system to experience denial-of-service (DoS) when the BIG-IP user uses the tmsh utility to run the edit cli preference command and proceeds to save the changes to another filename repeatedly. This action utilises storage space on the /var partition and when performed repeatedly causes the /var partition to be full.", }, { lang: "es", value: "En BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2 o 11.2.1-11.5.6; BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 o 4.6.0; BIG-IQ Cloud and Orchestration 1.0.0; iWorkflow 2.0.1-2.3.0 o Enterprise Manager 3.1.1, un usuario BIG-IP con acceso tmsh podría provocar que el sistema BIG-IP experimente una denegación de servicio (DoS) cuando este usuario emplea la utilidad tmsh para ejecutar el comando de preferencias edit cli y guarda los cambios repetidamente en otro nombre de archivo. Esta acción emplea almacenamiento de la partición /var y, cuando se realiza repetidamente, provoca que la partición /var se llene.", }, ], id: "CVE-2018-15322", lastModified: "2024-11-21T03:50:33.577", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-10-31T14:29:00.517", references: [ { source: "f5sirt@f5.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K28003839", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K28003839", }, ], sourceIdentifier: "f5sirt@f5.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-05-02 13:29
Modified
2024-11-21 04:08
Severity ?
Summary
On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| f5sirt@f5.com | http://www.securitytracker.com/id/1040799 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | http://www.securitytracker.com/id/1040800 | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K37442533 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040799 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040800 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K37442533 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "16F3D25A-7050-4A98-B3B5-3539FCC417AE", versionEndIncluding: "11.6.3", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "48AEF668-8ABE-4A09-B45B-AB30B7A6464B", versionEndIncluding: "12.1.2", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "9EC16ED5-2E19-4DC5-8F1D-2197D7CFEEBB", versionEndIncluding: "13.1.0", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "35519CB7-C6BD-4EBF-A75F-03A5D2B9153C", versionEndIncluding: "11.6.3", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6CAB3D2D-F589-41AB-A68A-8AFA8760E394", versionEndIncluding: "12.1.2", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "69B575F8-F179-4648-A6AD-6F1C655A027A", versionEndIncluding: "13.1.0", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "4049C7FF-FAE6-4377-98F9-7375D180B232", versionEndIncluding: "11.6.3", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "F3C3362F-1251-4E7B-B8CB-BBE7344A915E", versionEndIncluding: "12.1.2", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "59E3934C-1BAA-4193-923E-33D515F7D9EA", versionEndIncluding: "13.1.0", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "64CAD197-79F4-41AE-956C-D23DCA556A52", versionEndIncluding: "11.6.3", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "A7E33F47-378B-4077-AA3E-6EBED04D3609", versionEndIncluding: "12.1.2", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", matchCriteriaId: "573D868C-4560-4268-8F0E-4BC6EC5D0B4C", versionEndIncluding: "13.1.0", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "AC26EC47-DB01-45B3-BD47-848B73334A99", versionEndIncluding: "11.6.3", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E6A76187-6118-4A9D-9F7C-0C9D3931BF42", versionEndIncluding: "12.1.2", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "3331F4E7-A17F-41E2-B3FD-0F212626858D", versionEndIncluding: "13.1.0", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "5DAD0B3C-4E3B-48F1-84E1-E92BE40A657F", versionEndIncluding: "11.6.3", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "FE82B01E-278D-40DB-9CD5-D69F863A97CD", versionEndIncluding: "12.1.2", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "41A8A1C4-E425-40BD-B884-527E7CC62D24", versionEndIncluding: "13.1.0", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "586A9AE0-4417-4412-B573-73217F82FF73", versionEndIncluding: "11.6.3", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "C300F433-99A8-477E-9369-2FEB5DEEE632", versionEndIncluding: "12.1.2", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "4F2CDD8C-0D75-4E3B-8E21-BC90C7574534", versionEndIncluding: "13.1.0", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "2392B92F-B2A5-4548-AB20-3142D5EADE8E", versionEndIncluding: "11.6.3", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "528457E0-A8CA-454B-AC01-C55630E2FA49", versionEndIncluding: "12.1.2", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "555AC906-C7E8-4E85-8453-498ED7B7205F", versionEndIncluding: "13.1.0", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "6B30938E-E843-4D52-8EFC-19107BCDB1D9", versionEndIncluding: "11.6.3", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "B8AE206C-8F30-4C1A-9823-BAF2052EF065", versionEndIncluding: "12.1.2", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", matchCriteriaId: "3360351A-9D4F-410A-BB15-44C92326ED64", versionEndIncluding: "13.1.0", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "E91FA1C5-2FC4-49F7-9AF7-A6BD446BFA2E", versionEndIncluding: "11.6.3", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "91F8E790-6C3C-476D-B403-4F13CEF0BA7A", versionEndIncluding: "12.1.2", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", matchCriteriaId: "6FBF24E5-6B40-4022-B481-98E4082839A1", versionEndIncluding: "13.1.0", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "205B6399-2EA9-44C0-8ED7-06B3EE724AC2", versionEndIncluding: "11.6.3", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "B22714C9-D539-4E1E-A7FB-6CF3FD4093C4", versionEndIncluding: "12.1.2", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", matchCriteriaId: "1643B722-2B02-4C64-82DD-19788D75BC3F", versionEndIncluding: "13.1.0", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", matchCriteriaId: "CDF51DAA-0400-4186-BBF3-8784A9C6FE6D", versionEndIncluding: "11.6.3", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", matchCriteriaId: "48B5CC4A-32F1-474A-A89B-A6C7E56513D7", versionEndIncluding: "12.1.2", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_websafe:*:*:*:*:*:*:*:*", matchCriteriaId: "8105D615-8A59-466A-8369-9AFDAE2AFA61", versionEndIncluding: "13.1.0", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "6AB9039C-8ACE-4D9B-B90E-D593512A1E30", versionEndIncluding: "11.6.3", versionStartIncluding: "11.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "4B79FDC9-83A7-4BB9-95C3-678095DA22AA", versionEndIncluding: "12.1.2", versionStartIncluding: "12.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", matchCriteriaId: "B5769F2A-FF74-4B40-B25F-B419DBDEECB6", versionEndIncluding: "13.1.0", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_enterprise_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "ADE47FF9-E13D-41D3-BEA2-EF1B973CB0A9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", matchCriteriaId: "559900D6-7E43-4D2F-9167-BDB04DD5D0DB", versionEndIncluding: "5.4.0", versionStartIncluding: "5.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "24AEF0B2-7C8C-432C-A840-C2441A70343F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E21D6206-4716-47FE-A733-F18343656E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:f5_iworkflow:*:*:*:*:*:*:*:*", matchCriteriaId: "B6D095DB-95BC-425B-BA1C-25180CBF5D52", versionEndIncluding: "2.3.0", versionStartIncluding: "2.0.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed.", }, { lang: "es", value: "En F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2 o 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 o 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0 o F5 iWorkflow 2.0.2-2.3.0, los usuarios autenticados que tengan acceso TMOS Shell (tmsh) pueden acceder a objetos en el sistema de archivos a los que normalmente no tendrían acceso por las restricciones de tmsh. Esto permite que atacantes autenticados con bajos privilegios exfiltren objetos en el sistema de archivos, algo que no deberían poder hacer.", }, ], id: "CVE-2018-5516", lastModified: "2024-11-21T04:08:58.470", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.7, confidentialityImpact: "COMPLETE", integrityImpact: "NONE", vectorString: "AV:L/AC:M/Au:N/C:C/I:N/A:N", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-05-02T13:29:00.617", references: [ { source: "f5sirt@f5.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040799", }, { source: "f5sirt@f5.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040800", }, { source: "f5sirt@f5.com", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K37442533", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040799", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1040800", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K37442533", }, ], sourceIdentifier: "f5sirt@f5.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-732", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-01-12 20:59
Modified
2025-04-12 10:46
Severity ?
Summary
dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_application_delivery_controller:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "222B4DE7-1D3D-40DF-A9EB-EFABDA8FAEA6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "4617DC7B-07BA-4805-9789-CFDBA8535214", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "A635FEC4-4F52-4971-A67D-47E68108E4F4", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "EC69B41E-C22D-48D2-8609-60C018F1F48D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "270EEBF6-46FA-48FC-BEC9-9C0838A86BB4", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "93310708-E1FE-445A-BB1F-7D1F553AEC65", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "855E91A4-0A0C-4E5C-8019-FB513A793803", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "475F0EF8-42CB-4099-9C4A-390F946C4924", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "62B0A70A-D101-443E-A543-5EC35E23D66F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_security:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0303BEA3-02EB-4F7C-96C5-29E231832CEA", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "27CAD4CD-9228-4DE5-A333-2862AC18F24B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "283BF2C8-BED6-4FB5-91C0-E53F338F3AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D98BEE39-FD68-49FC-A2A2-8926FFA4BF51", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0003813A-C1A8-4ED1-A04C-7AE961E7FA22", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "DEC1A702-0CCB-48F9-A42E-D8C756DD9D76", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "4C9C14C5-B23C-4CE3-8FF0-52741CBB602E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "7FBA20ED-08F5-4C35-991A-0DBC6BEAECC7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "8D94751C-A340-4DE7-821A-5143FA0011E4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "84452450-77FA-4708-9C86-5464D541C8ED", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A49B1D82-3EC2-4E20-8FF5-58248905E964", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "7E4CC3E0-F9B8-433F-A2B0-2306144F9B6A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8993275-E17E-4A69-8D95-A8229E0E88D6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "B50BF19F-71B4-47C0-A96E-6EB90FCC6AE7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "D7D7863D-B064-4D7A-A66B-C3D3523425FD", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager11.2.0:*:*:*:*:*:*:*:*", matchCriteriaId: "96D10DFA-DA4D-4A57-AE06-57D9886A6F67", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "24AEF0B2-7C8C-432C-A840-C2441A70343F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8FA5C323-7247-42B5-AF3E-F7E8A18932CD", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.1.0:*:*:*:*:*:*:*", matchCriteriaId: "FF199950-9564-4CF2-BC74-F9E1C28AC377", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "A613D29A-9C7F-49A5-98E4-8477A1FF7C9E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "867B2CA9-DAE5-4070-B8E6-F624C59F5054", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "52CD200C-1D14-471F-93C1-027CC676C26C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4D1850CE-D20D-4677-8CF2-1DB3A4EB33F2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "0A70B1E2-0B3D-4DE9-8ED9-777F73D0B750", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A7D226F1-6513-4233-BE20-58D7AB24978F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "B33B2082-E040-4799-A260-BA687ED8614E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B70D2BD5-8E3F-4B57-84EF-3AF40F6378F1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D0EDB8E9-E6FB-406E-B1D3-C620F114804C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "7507BDFF-5B52-4A06-9F8C-2B6F3958162A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "6E0141FA-44E9-460E-B175-29A7FA251301", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "8DD27EF7-3329-4009-959F-D2E4D5935E57", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "3755740D-F1DC-4910-ADDD-9D491515201C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "EA244A7D-F65D-4114-81C8-CE811959EA10", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B276E4DF-69FC-4158-B93A-781A45605034", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "532AAF54-64EF-4852-B4F1-D5E660463704", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "524B2D05-508C-47FF-94A0-6CC42060E638", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "D3A84AF1-A18E-4AFD-B85E-49CE46A548D8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "BA54B88F-4A16-4F40-8A3B-B107F0CA2334", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "17C28542-51A4-4464-ADF9-C6376F829F4A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "584853F9-644F-40B2-A28F-1CE9B51F84F6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "DFE665CF-A633-474E-9519-D20E3D3958CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D88F8F3B-DD8B-4BB3-BB68-C43583318400", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F677AF16-146D-41A5-ABF3-56DB9C0D6CA6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "CE13DA9F-8460-430E-B939-BF17A7D37A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "70A04EB1-0C2C-4FC0-9E4D-05AFE65503D7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "CF93E82F-D38C-4D4D-99EB-E334EE163C4E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A3471D34-A76C-498A-8C45-1553A579A88B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E21D6206-4716-47FE-A733-F18343656E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "3CA52816-C4B7-4B1E-A950-EE9B571CB06B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "F2AA5127-5314-4026-905D-937B7B62473F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "09E42DAA-700D-487C-9238-F7F3D75A8C1A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1B6EA0C0-9C26-4A87-98F1-5B317D606ECB", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "4D379372-A226-4230-B1F3-04C696518BD8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "23FF9627-E561-4CF7-A685-6E33D2F6C98C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "002333F5-2864-434F-AC94-9C644098F95C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "FB630A86-FB84-4199-9E4D-38EB620806CB", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "ABF47456-CCA0-4817-9AEF-631DC152174E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "FB5F9107-549C-40EF-B355-C7E93A979CDD", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1C0312FC-8178-46DE-B4EE-00F2895073BA", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "BC6C5628-14FF-4D75-B62E-D4B2707C1E3D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CFA77C6B-72DB-4D57-87CF-11F2C7EDB828", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "974C5213-99F7-4E8A-AC6A-8759697F19C4", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "E288D50B-7EFA-4FC8-938B-EE3765FFA24D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0E3D8A24-0B8D-432B-8F06-D0E1642E7C1C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "A4489382-0668-4CFB-BA89-D54762937CEE", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B40837-EC2B-41FB-ACC3-806054EAF28C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3CA2FA6B-3930-432F-8FB5-E73604CEFE42", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "1591F627-3C86-4904-9236-6936D533ED75", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "3136A8D1-3D0D-46B3-9A3A-737074864F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "96673865-3D37-4562-831E-3ACE9DFB471E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_device:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "EBA4FC82-F8FB-4F11-94DA-12D280A18E3D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "CB5D327F-4233-45CE-A557-F7BA717AF057", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "99E5F378-E93E-45F6-A445-F2DAB5C423F7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A9538F63-3DC9-42CC-87D5-3CA048AE52A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "DDB299B4-5893-4D91-8E5B-09BDFDB86FEF", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F9EA336A-8055-4DA8-8F79-07C4ADE83E32", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "624EFAEB-15C2-422F-BAD1-D0BC37878349", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "76C1525D-46DE-4362-BBAD-095BBF718990", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "259C05BB-6349-4005-9372-21623DC5002D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "12F86EB5-D581-4103-A802-44D968BA8D55", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "2FF5A5F6-4BA3-4276-8679-B5560EACF2E0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "3CA49611-A8E4-454E-98AD-B64C0202838F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "FF7FCC81-2F1D-4EF5-956B-085FB7FEFAE7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "200A9CE9-E56D-4EFA-AC8A-954F945DDDBB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.", }, { lang: "es", value: "dcoep en BIG-IP LTM, Analytics, APM, ASM y Link Controller 11.2.0 hasta la versión 11.6.0 y 12.0.0 en versiones anteriores a 12.0.0 HF1, BIG-IP AAM 11.4.0 hasta la versión 11.6.0 y 12.0.0 en versiones anteriores a 12.0.0 HF1, BIG-IP AFM y PEM 11.3.0 hasta la versión 11.6.0 y 12.0.0 en versiones anteriores a 12.0.0 HF1, BIG-IP DNS 12.0.0 en versiones anteriores a 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator y WOM 11.2.0 hasta la versión 11.3.0, BIG-IP GTM 11.2.0 hasta la versión 11.6.0, BIG-IP PSM 11.2.0 hasta la versión 11.4.1, Enterprise Manager 3.0.0 hasta la versión 3.1.1, BIG-IQ Cloud 4.0.0 hasta la versión 4.5.0, BIG-IQ Device 4.2.0 hasta la versión 4.5.0, BIG-IQ Security 4.0.0 hasta la versión 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0 y BIG-IQ Cloud y Orchestration 1.0.0 permite a usuarios locales con acceso shell (bash) avanzado obtener privilegios a través de vectores no especificados.", }, ], id: "CVE-2015-7393", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 6.9, confidentialityImpact: "COMPLETE", integrityImpact: "COMPLETE", vectorString: "AV:L/AC:M/Au:N/C:C/I:C/A:C", version: "2.0", }, exploitabilityScore: 3.4, impactScore: 10, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 1.4, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-01-12T20:59:00.120", references: [ { source: "cve@mitre.org", url: "http://securitytracker.com/id/1034632", }, { source: "cve@mitre.org", url: "http://www.securitytracker.com/id/1034633", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id/1034632", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1034633", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2017-05-01 15:59
Modified
2024-11-21 03:29
Severity ?
Summary
An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F9EA336A-8055-4DA8-8F79-07C4ADE83E32", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "76C1525D-46DE-4362-BBAD-095BBF718990", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "259C05BB-6349-4005-9372-21623DC5002D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "E5D27D4A-BD5C-4FA9-AA72-F7956298DE06", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "12F86EB5-D581-4103-A802-44D968BA8D55", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "36F383ED-8CB5-400D-BFDB-BD5B8CD8C7AE", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "E6203A11-82C3-4ABA-94E9-085BFF1A0E4C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "06224D59-35F8-4168-80C5-CF5B17E99050", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "2FF5A5F6-4BA3-4276-8679-B5560EACF2E0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "A2B502F2-404C-463B-B6BE-87489DC881F9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "974C5213-99F7-4E8A-AC6A-8759697F19C4", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "E288D50B-7EFA-4FC8-938B-EE3765FFA24D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0E3D8A24-0B8D-432B-8F06-D0E1642E7C1C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "A4489382-0668-4CFB-BA89-D54762937CEE", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "9850D0AA-B173-47B2-9B69-75E6D1FAF490", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "281D0B5B-27DF-4E8A-AFC9-D09468F8ECDF", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "40994EB4-4D31-4697-964D-1F0B09864DF2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B40837-EC2B-41FB-ACC3-806054EAF28C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "48BE0210-7058-462A-BA17-845D3E4F52FA", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "6E0141FA-44E9-460E-B175-29A7FA251301", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "8DD27EF7-3329-4009-959F-D2E4D5935E57", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "3755740D-F1DC-4910-ADDD-9D491515201C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "EA244A7D-F65D-4114-81C8-CE811959EA10", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "5EA9F72C-8344-4370-B511-31BEC8BA63E8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "96CF015E-C74B-4215-9103-8087BC1D12AB", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "CFE4DB00-433D-414A-A1CE-E507B9BB809B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B276E4DF-69FC-4158-B93A-781A45605034", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "867B2CA9-DAE5-4070-B8E6-F624C59F5054", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4D1850CE-D20D-4677-8CF2-1DB3A4EB33F2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "0A70B1E2-0B3D-4DE9-8ED9-777F73D0B750", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A7D226F1-6513-4233-BE20-58D7AB24978F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "B33B2082-E040-4799-A260-BA687ED8614E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "A85766A4-2181-4719-ADCF-4FEA0031DB80", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "D2E93EE3-DB73-468E-87CA-4D277F283648", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "ADB01A61-1924-417F-8A75-9FDF8F14F754", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B70D2BD5-8E3F-4B57-84EF-3AF40F6378F1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "2A065BC0-56BD-4665-A860-EBA37F1A4D8C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "FB630A86-FB84-4199-9E4D-38EB620806CB", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "FB5F9107-549C-40EF-B355-C7E93A979CDD", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "B1A1C200-30B2-4B38-BC74-D11E54530A96", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1C0312FC-8178-46DE-B4EE-00F2895073BA", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "BC6C5628-14FF-4D75-B62E-D4B2707C1E3D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "C9E574F6-34B6-45A6-911D-E5347DA22F69", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "BCF94129-8779-4D68-8DD4-B828CA633746", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "BA2E88AA-0523-48D0-8664-6AFDBCB6C940", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CFA77C6B-72DB-4D57-87CF-11F2C7EDB828", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "E33BCA5B-CE91-451C-9821-2023A9E461C1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "A635FEC4-4F52-4971-A67D-47E68108E4F4", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "270EEBF6-46FA-48FC-BEC9-9C0838A86BB4", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "93310708-E1FE-445A-BB1F-7D1F553AEC65", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1AD2C1D2-103E-4B0F-84AA-999F01E695F0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "855E91A4-0A0C-4E5C-8019-FB513A793803", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "FCCC2092-E109-4FF6-9B85-6C9434269851", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "8923BB93-96C1-417B-9172-4A81E731EBA2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "274E34BF-82A5-4D9E-BC72-202193A47A5A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "475F0EF8-42CB-4099-9C4A-390F946C4924", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "94DBCD7A-E4DA-4C08-87A4-960CF53A83E6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "3136A8D1-3D0D-46B3-9A3A-737074864F1B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "84452450-77FA-4708-9C86-5464D541C8ED", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "7E4CC3E0-F9B8-433F-A2B0-2306144F9B6A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8993275-E17E-4A69-8D95-A8229E0E88D6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0594DBC5-8470-416C-A5EA-E04F5AB2C799", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "B50BF19F-71B4-47C0-A96E-6EB90FCC6AE7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "BD3A3BA6-6F60-45CA-8F52-687B671B077A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "202B6870-718C-4F8D-9BAB-7ED6385BF2A7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "EC6A3691-ADC4-44BC-8A11-D855B13EF128", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "D7D7863D-B064-4D7A-A66B-C3D3523425FD", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "911BB6DB-B2D1-4855-A65C-F0799E034358", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2DD53088-3BD4-4AF9-8934-4905231A75E8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "FF646EF0-56C8-492E-A78D-B00ECAA8D851", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "0D42B922-A5F7-41FC-A361-BA0E065B5B00", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "13E6D2CA-CC4F-4317-A842-4DF0693B0CB6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AB017D7A-3290-4EF5-9647-B488771A5F32", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "4F316C54-FAE4-48D8-9E40-ED358C30BF24", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "AC0F5FD3-45E7-4D55-A3AC-6572FC0682D0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "56BAC4C7-AB42-4BBD-98B5-0AE8B032CCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "5CDEC701-DAB3-4D92-AA67-B886E6693E46", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "8C641B4F-DCFF-4A1B-9E00-EDF18A270241", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "F2AA5127-5314-4026-905D-937B7B62473F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "09E42DAA-700D-487C-9238-F7F3D75A8C1A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1B6EA0C0-9C26-4A87-98F1-5B317D606ECB", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "4D379372-A226-4230-B1F3-04C696518BD8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "22FAC35D-2803-49B0-9382-F14594B88FC5", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "3C72257B-FF99-4707-A0E3-316D538B1CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "18CFA52E-F9D7-40C3-9DB5-CDD5767E1F0D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "C1EA4F45-35F7-4687-8D1A-A5ACD846500A", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "584853F9-644F-40B2-A28F-1CE9B51F84F6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "DFE665CF-A633-474E-9519-D20E3D3958CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "FF7FCC81-2F1D-4EF5-956B-085FB7FEFAE7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_websafe:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "228D5DA1-C78A-4E05-997A-50F6C1B59593", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_websafe:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "452C59B8-230D-4FC0-B76D-FA6E381E3713", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "D5F5FEE7-059A-4A9B-BCCD-18F0AA435040", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "CF93E82F-D38C-4D4D-99EB-E334EE163C4E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A3471D34-A76C-498A-8C45-1553A579A88B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "99E5F378-E93E-45F6-A445-F2DAB5C423F7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A9538F63-3DC9-42CC-87D5-3CA048AE52A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0003813A-C1A8-4ED1-A04C-7AE961E7FA22", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "DEC1A702-0CCB-48F9-A42E-D8C756DD9D76", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_application_delivery_controller:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "222B4DE7-1D3D-40DF-A9EB-EFABDA8FAEA6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "24AEF0B2-7C8C-432C-A840-C2441A70343F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E21D6206-4716-47FE-A733-F18343656E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:f5_iworkflow:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CAC5A3C6-E7E1-4C67-B868-0BFA0CCC5956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An attacker may be able to cause a denial-of-service (DoS) attack against the sshd component in F5 BIG-IP, Enterprise Manager, BIG-IQ, and iWorkflow.", }, { lang: "es", value: "Un atacante puede ser capaz de causar un ataque de denegación de servicio (DoS) contra el componente sshd en F5 BIG-IP, Enterprise Manager, BIG-IQ e iWorkflow", }, ], id: "CVE-2017-6128", lastModified: "2024-11-21T03:29:06.040", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-05-01T15:59:00.227", references: [ { source: "f5sirt@f5.com", url: "http://www.securitytracker.com/id/1038362", }, { source: "f5sirt@f5.com", url: "http://www.securitytracker.com/id/1038363", }, { source: "f5sirt@f5.com", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K92140924", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038362", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securitytracker.com/id/1038363", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://support.f5.com/csp/article/K92140924", }, ], sourceIdentifier: "f5sirt@f5.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-06-24 17:59
Modified
2025-04-12 10:46
Severity ?
Summary
The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securitytracker.com/id/1036172 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036172 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/ | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_application_delivery_controller:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "222B4DE7-1D3D-40DF-A9EB-EFABDA8FAEA6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E21D6206-4716-47FE-A733-F18343656E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0E3D8A24-0B8D-432B-8F06-D0E1642E7C1C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "A4489382-0668-4CFB-BA89-D54762937CEE", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "9850D0AA-B173-47B2-9B69-75E6D1FAF490", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "281D0B5B-27DF-4E8A-AFC9-D09468F8ECDF", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B40837-EC2B-41FB-ACC3-806054EAF28C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3CA2FA6B-3930-432F-8FB5-E73604CEFE42", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1C0312FC-8178-46DE-B4EE-00F2895073BA", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "BC6C5628-14FF-4D75-B62E-D4B2707C1E3D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "C9E574F6-34B6-45A6-911D-E5347DA22F69", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "BCF94129-8779-4D68-8DD4-B828CA633746", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CFA77C6B-72DB-4D57-87CF-11F2C7EDB828", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "E5D27D4A-BD5C-4FA9-AA72-F7956298DE06", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "12F86EB5-D581-4103-A802-44D968BA8D55", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "36F383ED-8CB5-400D-BFDB-BD5B8CD8C7AE", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "E6203A11-82C3-4ABA-94E9-085BFF1A0E4C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "2FF5A5F6-4BA3-4276-8679-B5560EACF2E0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0594DBC5-8470-416C-A5EA-E04F5AB2C799", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "B50BF19F-71B4-47C0-A96E-6EB90FCC6AE7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "BD3A3BA6-6F60-45CA-8F52-687B671B077A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "202B6870-718C-4F8D-9BAB-7ED6385BF2A7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "D7D7863D-B064-4D7A-A66B-C3D3523425FD", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_security:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0303BEA3-02EB-4F7C-96C5-29E231832CEA", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "27CAD4CD-9228-4DE5-A333-2862AC18F24B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "283BF2C8-BED6-4FB5-91C0-E53F338F3AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D98BEE39-FD68-49FC-A2A2-8926FFA4BF51", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0003813A-C1A8-4ED1-A04C-7AE961E7FA22", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "DEC1A702-0CCB-48F9-A42E-D8C756DD9D76", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D88F8F3B-DD8B-4BB3-BB68-C43583318400", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F677AF16-146D-41A5-ABF3-56DB9C0D6CA6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "CE13DA9F-8460-430E-B939-BF17A7D37A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "70A04EB1-0C2C-4FC0-9E4D-05AFE65503D7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "CF93E82F-D38C-4D4D-99EB-E334EE163C4E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A3471D34-A76C-498A-8C45-1553A579A88B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1AD2C1D2-103E-4B0F-84AA-999F01E695F0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "855E91A4-0A0C-4E5C-8019-FB513A793803", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "FCCC2092-E109-4FF6-9B85-6C9434269851", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "8923BB93-96C1-417B-9172-4A81E731EBA2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "475F0EF8-42CB-4099-9C4A-390F946C4924", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "62B0A70A-D101-443E-A543-5EC35E23D66F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "24AEF0B2-7C8C-432C-A840-C2441A70343F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "524B2D05-508C-47FF-94A0-6CC42060E638", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A7D226F1-6513-4233-BE20-58D7AB24978F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "B33B2082-E040-4799-A260-BA687ED8614E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "A85766A4-2181-4719-ADCF-4FEA0031DB80", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "D2E93EE3-DB73-468E-87CA-4D277F283648", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B70D2BD5-8E3F-4B57-84EF-3AF40F6378F1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D0EDB8E9-E6FB-406E-B1D3-C620F114804C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "13E6D2CA-CC4F-4317-A842-4DF0693B0CB6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AB017D7A-3290-4EF5-9647-B488771A5F32", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "4F316C54-FAE4-48D8-9E40-ED358C30BF24", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "AC0F5FD3-45E7-4D55-A3AC-6572FC0682D0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "5CDEC701-DAB3-4D92-AA67-B886E6693E46", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E90C12AF-44BA-44A2-89ED-0C2497EEC8A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1B6EA0C0-9C26-4A87-98F1-5B317D606ECB", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "4D379372-A226-4230-B1F3-04C696518BD8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "22FAC35D-2803-49B0-9382-F14594B88FC5", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "3C72257B-FF99-4707-A0E3-316D538B1CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "23FF9627-E561-4CF7-A685-6E33D2F6C98C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_device:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "EBA4FC82-F8FB-4F11-94DA-12D280A18E3D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "CB5D327F-4233-45CE-A557-F7BA717AF057", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "99E5F378-E93E-45F6-A445-F2DAB5C423F7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A9538F63-3DC9-42CC-87D5-3CA048AE52A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "3755740D-F1DC-4910-ADDD-9D491515201C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "EA244A7D-F65D-4114-81C8-CE811959EA10", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "5EA9F72C-8344-4370-B511-31BEC8BA63E8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "96CF015E-C74B-4215-9103-8087BC1D12AB", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B276E4DF-69FC-4158-B93A-781A45605034", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "532AAF54-64EF-4852-B4F1-D5E660463704", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x before 11.6.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0 allows remote authenticated administrators to obtain sensitive information via unspecified vectors.", }, { lang: "es", value: "El servicio iControl REST en F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller y PEM 11.5.x en versiones anteriores a 11.5.4, 11.6.x en versiones anteriores a 11.6.1 y 12.x en versiones anteriores a 12.0.0 HF3; BIG-IP DNS 12.x en versiones anteriores a 12.0.0 HF3; BIG-IP GTM 11.5.x en versiones anteriores a 11.5.4 y 11.6.x en versiones anteriores a 11.6.1; BIG-IQ Cloud and Security 4.0.0 hasta la versión 4.5.0; BIG-IQ Device 4.2.0 hasta la versión 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0 y BIG-IQ Cloud and Orchestration 1.0.0 permite a administradores remotos autenticados obtener información sensible a través de vectores no especificados.", }, ], id: "CVE-2016-5021", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-06-24T17:59:01.503", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036172", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036172", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/99/sol99998454/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-09-07 19:28
Modified
2025-04-12 10:46
Severity ?
Summary
F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securitytracker.com/id/1036709 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1036710 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036709 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036710 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "EE20D0B7-E96B-448E-B80D-0D596248B410", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "2DD53088-3BD4-4AF9-8934-4905231A75E8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "C4CB61D3-DF59-4EE0-A0F0-5899850496B9", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "FF646EF0-56C8-492E-A78D-B00ECAA8D851", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "0D42B922-A5F7-41FC-A361-BA0E065B5B00", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "13E6D2CA-CC4F-4317-A842-4DF0693B0CB6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "AB017D7A-3290-4EF5-9647-B488771A5F32", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "4F316C54-FAE4-48D8-9E40-ED358C30BF24", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "AC0F5FD3-45E7-4D55-A3AC-6572FC0682D0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "56BAC4C7-AB42-4BBD-98B5-0AE8B032CCC7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "5CDEC701-DAB3-4D92-AA67-B886E6693E46", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "8C641B4F-DCFF-4A1B-9E00-EDF18A270241", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_link_controller:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E90C12AF-44BA-44A2-89ED-0C2497EEC8A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "F2AA5127-5314-4026-905D-937B7B62473F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "09E42DAA-700D-487C-9238-F7F3D75A8C1A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1B6EA0C0-9C26-4A87-98F1-5B317D606ECB", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "4D379372-A226-4230-B1F3-04C696518BD8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "22FAC35D-2803-49B0-9382-F14594B88FC5", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "3C72257B-FF99-4707-A0E3-316D538B1CF6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "18CFA52E-F9D7-40C3-9DB5-CDD5767E1F0D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CB8D3B87-B8F5-490A-B1D9-04F2EE93EEA3", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "C1EA4F45-35F7-4687-8D1A-A5ACD846500A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "23FF9627-E561-4CF7-A685-6E33D2F6C98C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "002333F5-2864-434F-AC94-9C644098F95C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "FB630A86-FB84-4199-9E4D-38EB620806CB", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "ABF47456-CCA0-4817-9AEF-631DC152174E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "FB5F9107-549C-40EF-B355-C7E93A979CDD", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "B1A1C200-30B2-4B38-BC74-D11E54530A96", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1C0312FC-8178-46DE-B4EE-00F2895073BA", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "BC6C5628-14FF-4D75-B62E-D4B2707C1E3D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "C9E574F6-34B6-45A6-911D-E5347DA22F69", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "BCF94129-8779-4D68-8DD4-B828CA633746", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "BA2E88AA-0523-48D0-8664-6AFDBCB6C940", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "CFA77C6B-72DB-4D57-87CF-11F2C7EDB828", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "E33BCA5B-CE91-451C-9821-2023A9E461C1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "B171AA24-6500-43D8-9167-BA9BA57682E5", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "84452450-77FA-4708-9C86-5464D541C8ED", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "A49B1D82-3EC2-4E20-8FF5-58248905E964", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "7E4CC3E0-F9B8-433F-A2B0-2306144F9B6A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "B8993275-E17E-4A69-8D95-A8229E0E88D6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0594DBC5-8470-416C-A5EA-E04F5AB2C799", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "B50BF19F-71B4-47C0-A96E-6EB90FCC6AE7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "BD3A3BA6-6F60-45CA-8F52-687B671B077A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "202B6870-718C-4F8D-9BAB-7ED6385BF2A7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "EC6A3691-ADC4-44BC-8A11-D855B13EF128", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "D7D7863D-B064-4D7A-A66B-C3D3523425FD", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "911BB6DB-B2D1-4855-A65C-F0799E034358", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D88F8F3B-DD8B-4BB3-BB68-C43583318400", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F677AF16-146D-41A5-ABF3-56DB9C0D6CA6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "CE13DA9F-8460-430E-B939-BF17A7D37A9F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "70A04EB1-0C2C-4FC0-9E4D-05AFE65503D7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "CF93E82F-D38C-4D4D-99EB-E334EE163C4E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A3471D34-A76C-498A-8C45-1553A579A88B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "3CA49611-A8E4-454E-98AD-B64C0202838F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "FF7FCC81-2F1D-4EF5-956B-085FB7FEFAE7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "200A9CE9-E56D-4EFA-AC8A-954F945DDDBB", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_application_delivery_controller:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "222B4DE7-1D3D-40DF-A9EB-EFABDA8FAEA6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "4617DC7B-07BA-4805-9789-CFDBA8535214", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "A635FEC4-4F52-4971-A67D-47E68108E4F4", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "EC69B41E-C22D-48D2-8609-60C018F1F48D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "270EEBF6-46FA-48FC-BEC9-9C0838A86BB4", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "93310708-E1FE-445A-BB1F-7D1F553AEC65", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "1AD2C1D2-103E-4B0F-84AA-999F01E695F0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "855E91A4-0A0C-4E5C-8019-FB513A793803", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "FCCC2092-E109-4FF6-9B85-6C9434269851", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "8923BB93-96C1-417B-9172-4A81E731EBA2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "274E34BF-82A5-4D9E-BC72-202193A47A5A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "475F0EF8-42CB-4099-9C4A-390F946C4924", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "94DBCD7A-E4DA-4C08-87A4-960CF53A83E6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_security_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "62B0A70A-D101-443E-A543-5EC35E23D66F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "DDB299B4-5893-4D91-8E5B-09BDFDB86FEF", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "F9EA336A-8055-4DA8-8F79-07C4ADE83E32", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "624EFAEB-15C2-422F-BAD1-D0BC37878349", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "76C1525D-46DE-4362-BBAD-095BBF718990", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "259C05BB-6349-4005-9372-21623DC5002D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "E5D27D4A-BD5C-4FA9-AA72-F7956298DE06", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "12F86EB5-D581-4103-A802-44D968BA8D55", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "36F383ED-8CB5-400D-BFDB-BD5B8CD8C7AE", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "E6203A11-82C3-4ABA-94E9-085BFF1A0E4C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "06224D59-35F8-4168-80C5-CF5B17E99050", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "2FF5A5F6-4BA3-4276-8679-B5560EACF2E0", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "A2B502F2-404C-463B-B6BE-87489DC881F9", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_local_traffic_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "44F1E5E0-BD63-4A4A-BC4E-A1D5495F8B5C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "4C9C14C5-B23C-4CE3-8FF0-52741CBB602E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "7FBA20ED-08F5-4C35-991A-0DBC6BEAECC7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "8D94751C-A340-4DE7-821A-5143FA0011E4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_device:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "EBA4FC82-F8FB-4F11-94DA-12D280A18E3D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "CB5D327F-4233-45CE-A557-F7BA717AF057", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "99E5F378-E93E-45F6-A445-F2DAB5C423F7", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A9538F63-3DC9-42CC-87D5-3CA048AE52A6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "6E0141FA-44E9-460E-B175-29A7FA251301", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "8DD27EF7-3329-4009-959F-D2E4D5935E57", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "3755740D-F1DC-4910-ADDD-9D491515201C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "EA244A7D-F65D-4114-81C8-CE811959EA10", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "5EA9F72C-8344-4370-B511-31BEC8BA63E8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "96CF015E-C74B-4215-9103-8087BC1D12AB", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "CFE4DB00-433D-414A-A1CE-E507B9BB809B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B276E4DF-69FC-4158-B93A-781A45605034", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "CBAB92C5-2D50-49CC-AECA-0D16BC44A788", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "532AAF54-64EF-4852-B4F1-D5E660463704", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_domain_name_system:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "524B2D05-508C-47FF-94A0-6CC42060E638", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_centralized_management:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "24AEF0B2-7C8C-432C-A840-C2441A70343F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_cloud_and_orchestration:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "E21D6206-4716-47FE-A733-F18343656E94", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:f5_iworkflow:2.0.0:*:*:*:*:*:*:*", matchCriteriaId: "CAC5A3C6-E7E1-4C67-B868-0BFA0CCC5956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "974C5213-99F7-4E8A-AC6A-8759697F19C4", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "E288D50B-7EFA-4FC8-938B-EE3765FFA24D", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "0E3D8A24-0B8D-432B-8F06-D0E1642E7C1C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "A4489382-0668-4CFB-BA89-D54762937CEE", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "9850D0AA-B173-47B2-9B69-75E6D1FAF490", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "281D0B5B-27DF-4E8A-AFC9-D09468F8ECDF", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "40994EB4-4D31-4697-964D-1F0B09864DF2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "E5B40837-EC2B-41FB-ACC3-806054EAF28C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "48BE0210-7058-462A-BA17-845D3E4F52FA", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_application_acceleration_manager:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3CA2FA6B-3930-432F-8FB5-E73604CEFE42", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "1591F627-3C86-4904-9236-6936D533ED75", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "3136A8D1-3D0D-46B3-9A3A-737074864F1B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_edge_gateway:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "96673865-3D37-4562-831E-3ACE9DFB471E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:enterprise_manager:3.1.1:*:*:*:*:*:*:*", matchCriteriaId: "D5F5FEE7-059A-4A9B-BCCD-18F0AA435040", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "D3A84AF1-A18E-4AFD-B85E-49CE46A548D8", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "BA54B88F-4A16-4F40-8A3B-B107F0CA2334", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "17C28542-51A4-4464-ADF9-C6376F829F4A", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "584853F9-644F-40B2-A28F-1CE9B51F84F6", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "DFE665CF-A633-474E-9519-D20E3D3958CF", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.2.0:*:*:*:*:*:*:*", matchCriteriaId: "A613D29A-9C7F-49A5-98E4-8477A1FF7C9E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.2.1:*:*:*:*:*:*:*", matchCriteriaId: "867B2CA9-DAE5-4070-B8E6-F624C59F5054", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.3.0:*:*:*:*:*:*:*", matchCriteriaId: "52CD200C-1D14-471F-93C1-027CC676C26C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.4.0:*:*:*:*:*:*:*", matchCriteriaId: "4D1850CE-D20D-4677-8CF2-1DB3A4EB33F2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.4.1:*:*:*:*:*:*:*", matchCriteriaId: "0A70B1E2-0B3D-4DE9-8ED9-777F73D0B750", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*", matchCriteriaId: "A7D226F1-6513-4233-BE20-58D7AB24978F", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*", matchCriteriaId: "B33B2082-E040-4799-A260-BA687ED8614E", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*", matchCriteriaId: "A85766A4-2181-4719-ADCF-4FEA0031DB80", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.3:*:*:*:*:*:*:*", matchCriteriaId: "D2E93EE3-DB73-468E-87CA-4D277F283648", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.5.4:*:*:*:*:*:*:*", matchCriteriaId: "ADB01A61-1924-417F-8A75-9FDF8F14F754", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*", matchCriteriaId: "B70D2BD5-8E3F-4B57-84EF-3AF40F6378F1", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:11.6.1:*:*:*:*:*:*:*", matchCriteriaId: "2A065BC0-56BD-4665-A860-EBA37F1A4D8C", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-ip_analytics:12.0.0:*:*:*:*:*:*:*", matchCriteriaId: "D0EDB8E9-E6FB-406E-B1D3-C620F114804C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:f5:big-iq_security:4.0.0:*:*:*:*:*:*:*", matchCriteriaId: "0303BEA3-02EB-4F7C-96C5-29E231832CEA", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.1.0:*:*:*:*:*:*:*", matchCriteriaId: "27CAD4CD-9228-4DE5-A333-2862AC18F24B", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.2.0:*:*:*:*:*:*:*", matchCriteriaId: "283BF2C8-BED6-4FB5-91C0-E53F338F3AF2", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.3.0:*:*:*:*:*:*:*", matchCriteriaId: "D98BEE39-FD68-49FC-A2A2-8926FFA4BF51", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*", matchCriteriaId: "0003813A-C1A8-4ED1-A04C-7AE961E7FA22", vulnerable: true, }, { criteria: "cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*", matchCriteriaId: "DEC1A702-0CCB-48F9-A42E-D8C756DD9D76", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.x before 11.2.1 HF16 and 11.3.0; BIG-IP GTM 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, and 11.6.x before 11.6.1 HF1; BIG-IP PSM 11.2.x before 11.2.1 HF16, 11.3.x, and 11.4.0 through 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0; and iWorkflow 2.0.0, when Packet Filtering is enabled on virtual servers and possibly self IP addresses, allow remote attackers to cause a denial of service (Traffic Management Microkernel restart) and possibly have unspecified other impact via crafted network traffic.", }, { lang: "es", value: "F5 BIG-IP LTM, Analytics, APM, ASM y Link Controller 11.2.x en versiones anteriores a 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x en versiones anteriores a 11.5.4 HF2, 11.6.x en versiones anteriores a 11.6.1 HF1 y 12.x en versiones anteriores a 12.0.0 HF3; BIG-IP AAM, AFM y PEM 11.4.x, 11.5.x en versiones anteriores a 11.5.4 HF2, 11.6.x en versiones anteriores a 11.6.1 HF1 y 12.x en versiones anteriores a 12.0.0 HF3; BIG-IP DNS 12.x en versiones anteriores a 12.0.0 HF3; BIG-IP Edge Gateway, WebAccelerator y WOM 11.2.x en versiones anteriores a 11.2.1 HF16 y 11.3.0; BIG-IP GTM 11.2.x en versiones anteriores a 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x en versiones anteriores a 11.5.4 HF2 y 11.6.x en versiones anteriores a 11.6.1 HF1; BIG-IP PSM 11.2.x en versiones anteriores a 11.2.1 HF16, 11.3.x y 11.4.0 hasta la version 11.4.1; Enterprise Manager 3.1.1; BIG-IQ Cloud and Security 4.0.0 hasta la version 4.5.0; BIG-IQ Device 4.2.0 hasta la version 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 5.0.0; BIG-IQ Cloud and Orchestration 1.0.0 y iWorkflow 2.0.0, cuando Packet Filtering está habilitado en servidores virtuales y posiblemente en direcciones IP automáticas, permite a atacantes remotos provocar una denegación de servicio (reinicio de Traffic Management Microkernel) y posiblemente tener otro impacto no especificado a través de tráfico de red manipulado.", }, ], id: "CVE-2016-5022", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-09-07T19:28:02.723", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036709", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036710", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036709", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1036710", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://support.f5.com/kb/en-us/solutions/public/k/06/sol06045217.html", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }