CVE-2014-2928
Vulnerability from cvelistv5
Published
2014-05-12 14:00
Modified
2024-08-06 10:28
Severity ?
EPSS score ?
Summary
The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:28:46.191Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140507 Moar F5 fun in iControl API",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/May/32"
},
{
"name": "34927",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/34927"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html"
},
{
"name": "106728",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/106728"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-14T14:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20140507 Moar F5 fun in iControl API",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/May/32"
},
{
"name": "34927",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/34927"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html"
},
{
"name": "106728",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/106728"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-2928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140507 Moar F5 fun in iControl API",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/32"
},
{
"name": "34927",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34927"
},
{
"name": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html",
"refsource": "CONFIRM",
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html"
},
{
"name": "106728",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/106728"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-2928",
"datePublished": "2014-05-12T14:00:00",
"dateReserved": "2014-04-21T00:00:00",
"dateUpdated": "2024-08-06T10:28:46.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2014-2928\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2014-05-12T14:55:06.587\",\"lastModified\":\"2015-11-20T16:24:43.317\",\"vulnStatus\":\"Analyzed\",\"evaluatorComment\":\"Per: http://cwe.mitre.org/data/definitions/77.html\\n\\n\\\"CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\\\"\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.\"},{\"lang\":\"es\",\"value\":\"La API iControl en F5 BIG-IP LTM, APM, ASM, GTM, Link Controller y PSM 10.0.0 hasta 10.2.4 y 11.0.0 hasta 11.5.1, BIG-IP AAM 11.4.0 hasta 11.5.1, BIG-IP AFM y PEM 11.3.0 hasta 11.5.1, BIG-IP Analytics 11.0.0 hasta 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 hasta 10.2.4 y 11.0.0 hasta 11.3.0, Enterprise Manager 2.1.0 hasta 2.3.0 y 3.0.0 hasta 3.1.1 y BIG-IQ Cloud, Device y Security 4.0.0 hasta 4.3.0 permite a administradores remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el elemento de nombre de anfitri\u00f3n en una solicitud SOAP.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:S/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":7.1},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:9.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CB7340E-36AE-40F0-8B38-247803F97038\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:9.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEFEE12B-A78F-4288-A98F-2497531D0EAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:9.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D4AE2CE-4A4B-4B5F-992C-F939E1CDE6FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:9.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAB821F7-26DB-4C74-9129-BBC50DF0C2F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:9.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD6FE682-3B40-42B0-A3BC-4281F0003248\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:9.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFC8D1C6-69AC-4423-A1C7-4093236A7F51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:9.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38CDACEA-9235-4B7F-AC2B-4ACFB4BD9918\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:9.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF5FC5A6-0CD0-47E3-87F9-F09BB1B4B920\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:9.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7317A692-0D9D-4DF4-99AD-893187E3F298\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:10.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E951823B-9791-48C7-A804-18FEBEC31279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E3427DB-2918-4934-A3C1-FA5F1632364F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78F1A903-4AF5-4FE6-92B0-9F0B64723804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:10.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"383966C0-2FDD-4755-BA16-EE73D4577DFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:10.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AD7519A-2F81-42CB-A18A-0BA9DB0F90D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:10.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F16F5CB9-3A92-4A96-BC24-993FCF3DC13F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:10.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2748B48B-3E2A-4837-981E-5049CF627CBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:10.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A2E767A-65BC-420B-9BA3-12B51575FB37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5E8E654-DA20-45F9-A25E-44D1E31F64C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:11.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C8FCFDA-703B-42DC-91FF-00066E88E49D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:11.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CA49611-A8E4-454E-98AD-B64C0202838F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF7FCC81-2F1D-4EF5-956B-085FB7FEFAE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"200A9CE9-E56D-4EFA-AC8A-954F945DDDBB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:10.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E1C4384-1728-4A71-8634-DCE3F2AEB8F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AC8AA37-9962-4CF6-99E5-A6F94582B107\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF1FD1C1-6980-4E9F-8DEF-D9E552510481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9F443F1-C43F-42AD-98E4-AE11C72F363E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AF61656-A266-4A2D-A001-54339716A4A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FC92F47-75EB-487A-B4A2-2B0B4C78B10D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C72FF118-E7A5-42DE-A9A0-703E71615045\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8463B1D-8442-4D50-BAAA-122280496A98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6448016D-1A8E-42E3-81F8-80772D4EE6B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C54690EB-578A-45DA-9324-4CE84B084BCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50B828D6-7221-4F94-9C0D-4483E60576EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:10.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2691943C-1FD1-43EE-B070-E35710E426ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B10D9D9-BC40-4889-9196-C8EA7C571160\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"288EB1AC-9DE3-4FE2-AE4D-006A49199877\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1405D7AE-D14C-40F6-9144-EF2F18A6EBC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E807E667-0597-4F14-902A-B922C94F572C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02614B4F-0E90-456E-B7ED-387A3007FB45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F482624A-BE79-4A87-B676-DBB57369D31C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77888947-80CB-46B3-910E-DCCFDF6B3D47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3251DB7F-0436-48D5-AF7B-F812237DB926\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:11.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8600FF27-4407-4755-A1E3-5648D9ACCB1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3A84AF1-A18E-4AFD-B85E-49CE46A548D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA54B88F-4A16-4F40-8A3B-B107F0CA2334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:11.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17C28542-51A4-4464-ADF9-C6376F829F4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"584853F9-644F-40B2-A28F-1CE9B51F84F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFE665CF-A633-474E-9519-D20E3D3958CF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:10.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71578014-E3CD-40A9-8AE4-537C970B4B2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A4D2DA3-1EF3-428A-ACC0-1C438D6F8648\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4758B4CB-5CD9-4505-8E91-E5E849937A63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:10.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C801C53F-9ECC-42B9-A119-5046706CA621\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:10.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02A544E4-B9BB-4735-8239-4FC57473BB1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:10.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91E5BF8D-7391-49E3-A17A-26A1F138A3C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C2FFC93-7053-441C-AD96-ED57F97E9A70\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:10.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65D810F8-6062-4901-9832-226F80287C8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EBC2A0DC-D931-4450-8D0F-3223A8EDCED9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6C19BDD-1286-48C7-8E7D-66C100D02319\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:10.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B4653A4-833F-4381-86E9-452F19A53868\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:10.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFCB7C80-DDA6-421C-92E8-E6E56E414E81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:10.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"494085EA-7445-4592-8795-DCC035BDDC52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"094BD2B6-E269-4647-A77C-B584805B6203\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:10.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16ACB60E-B9E9-402A-BE42-DF5C892C2257\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EE87BAD-382E-4FA7-BCF9-88EFA36DAB3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6363B0D-AC1F-4AF5-BC02-19F77A85F3AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80B80111-6F28-4E7F-B9DE-27825866A138\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A8D0587-ED89-4CDB-960D-37FBD522B146\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B77088CC-8C8C-4D6E-9770-634A5BF62A3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AA7DCB7-D01E-492A-A810-01B15F03A783\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB441DC5-813E-4E59-87B8-15731291B135\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F89F4A12-710E-4F7A-9A8D-D8B91889A279\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"126AD92E-6816-42C0-8801-A81B59C11A56\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"890F363A-FC4F-4F52-BBFF-E959F65043A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CE899AF-EA61-4B9D-9523-BF436614CE21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5BA7D7A-02C8-411A-AFBF-D523E57A66C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C14D0DD3-E6A9-43C8-85D7-6DBB16E30DD5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5BE38A0-CD2F-4C18-9EE3-D56A23BDB73A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"476D58C4-7699-45AC-B987-B42B5488240B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30A1197A-7196-49AA-B368-5539180B8B93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3F73DC1-9174-4842-B772-D277D293214A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD575B3E-FBA9-443A-9B52-49766DBE40C4\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:10.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D982EE29-D298-4D39-897A-580D867CDE50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:10.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D477F539-2E79-47BB-A8CF-F3A73AA72A27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:10.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C70B0F91-B269-4753-92E5-69F49CCB498D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:10.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"44847A70-9301-4C53-93AF-8888CF074F6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_edge_gateway:11.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53531CA7-5E47-4C46-BDA5-3B4710085078\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2014/May/32\",\"source\":\"cret@cert.org\"},{\"url\":\"http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/34927\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.osvdb.org/106728\",\"source\":\"cret@cert.org\"}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.