VAR-201507-0341
Vulnerability from variot - Updated: 2023-12-18 13:09The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. Multiple F5 BIG-IP products are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. F5 BIG-IQ Cloud, etc. Cloud is a component that provides iApp lifecycle management and BIG-IP deployment in public and private clouds. Device is a component that provides device inventory, status, backup, update, upgrade and license management. Security is a centralized management component that provides F5 AFM and ASM security solutions. The following products and versions are affected: F5 BIG-IQ Cloud 4.4.0 to 4.5.0, Device 4.4.0 to 4.5.0, Security 4.4.0 to 4.5.0, ADC 4.5.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0341",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "big-iq security",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq adc",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq device",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq device",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "4.4.0"
},
{
"model": "big-iq security",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "4.4.0"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "4.4.0"
},
{
"model": "big-iq application delivery controller",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq application delivery controller",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0 hf2"
},
{
"model": "big-iq device",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq device",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "4.4.0"
},
{
"model": "big-iq security",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0 hf2"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "4.4.0 hf2"
},
{
"model": "big-iq security",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "4.4.0"
},
{
"model": "big-iq security",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "4.4.0 hf2"
},
{
"model": "big-iq device",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0 hf2"
},
{
"model": "big-iq device",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "4.4.0 hf2"
},
{
"model": "big-iq cloud",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "4.4.0"
},
{
"model": "big-iq cloud",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq security",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0 hf2"
},
{
"model": "big-iq security",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-iq security",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-iq device",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-iq device",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-iq adc",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-iq security hf2",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-iq security hf2",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-iq device hf2",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-iq device hf2",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-iq cloud hf2",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-iq cloud hf2",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-iq adc hf2",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
}
],
"sources": [
{
"db": "BID",
"id": "75943"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4637"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "75943"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4637",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-4637",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-82598",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4637",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-624",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-82598",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-4637",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82598"
},
{
"db": "VULMON",
"id": "CVE-2015-4637"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. Multiple F5 BIG-IP products are prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. F5 BIG-IQ Cloud, etc. Cloud is a component that provides iApp lifecycle management and BIG-IP deployment in public and private clouds. Device is a component that provides device inventory, status, backup, update, upgrade and license management. Security is a centralized management component that provides F5 AFM and ASM security solutions. The following products and versions are affected: F5 BIG-IQ Cloud 4.4.0 to 4.5.0, Device 4.4.0 to 4.5.0, Security 4.4.0 to 4.5.0, ADC 4.5.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"db": "BID",
"id": "75943"
},
{
"db": "VULHUB",
"id": "VHN-82598"
},
{
"db": "VULMON",
"id": "CVE-2015-4637"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4637",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-624",
"trust": 0.7
},
{
"db": "BID",
"id": "75943",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-82598",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-4637",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82598"
},
{
"db": "VULMON",
"id": "CVE-2015-4637"
},
{
"db": "BID",
"id": "75943"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
]
},
"id": "VAR-201507-0341",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-82598"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:09:10.502000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SOL16861: BIG-IQ remote authentication vulnerability CVE-2015-4637",
"trust": 0.8,
"url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-17",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82598"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"db": "NVD",
"id": "CVE-2015-4637"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4637"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4637"
},
{
"trust": 0.3,
"url": "http://www.f5.com/products/big-ip/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/17.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/75943"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82598"
},
{
"db": "VULMON",
"id": "CVE-2015-4637"
},
{
"db": "BID",
"id": "75943"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-82598"
},
{
"db": "VULMON",
"id": "CVE-2015-4637"
},
{
"db": "BID",
"id": "75943"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-82598"
},
{
"date": "2015-07-16T00:00:00",
"db": "VULMON",
"id": "CVE-2015-4637"
},
{
"date": "2015-07-06T00:00:00",
"db": "BID",
"id": "75943"
},
{
"date": "2015-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"date": "2015-07-16T14:59:04.823000",
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"date": "2015-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-82598"
},
{
"date": "2015-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2015-4637"
},
{
"date": "2015-07-06T00:00:00",
"db": "BID",
"id": "75943"
},
{
"date": "2015-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"date": "2015-07-21T15:13:17",
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"date": "2015-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural F5 BIG-IQ Series products REST API Vulnerable to obtaining an authentication token for arbitrary users",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…