var-201507-0341
Vulnerability from variot
The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. Multiple F5 BIG-IP products are prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. F5 BIG-IQ Cloud, etc. Cloud is a component that provides iApp lifecycle management and BIG-IP deployment in public and private clouds. Device is a component that provides device inventory, status, backup, update, upgrade and license management. Security is a centralized management component that provides F5 AFM and ASM security solutions. The following products and versions are affected: F5 BIG-IQ Cloud 4.4.0 to 4.5.0, Device 4.4.0 to 4.5.0, Security 4.4.0 to 4.5.0, ADC 4.5.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0341",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "big-iq security",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq adc",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq device",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq device",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "4.4.0"
},
{
"model": "big-iq security",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "4.4.0"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 1.6,
"vendor": "f5",
"version": "4.4.0"
},
{
"model": "big-iq application delivery controller",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq application delivery controller",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0 hf2"
},
{
"model": "big-iq device",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq device",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "4.4.0"
},
{
"model": "big-iq security",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0 hf2"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "4.4.0 hf2"
},
{
"model": "big-iq security",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "4.4.0"
},
{
"model": "big-iq security",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "4.4.0 hf2"
},
{
"model": "big-iq device",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0 hf2"
},
{
"model": "big-iq device",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "4.4.0 hf2"
},
{
"model": "big-iq cloud",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "4.4.0"
},
{
"model": "big-iq cloud",
"scope": "lt",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0"
},
{
"model": "big-iq security",
"scope": "eq",
"trust": 0.8,
"vendor": "f5",
"version": "4.5.0 hf2"
},
{
"model": "big-iq security",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-iq security",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-iq device",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-iq device",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-iq cloud",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-iq adc",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-iq security hf2",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-iq security hf2",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-iq device hf2",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-iq device hf2",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-iq cloud hf2",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
},
{
"model": "big-iq cloud hf2",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.4"
},
{
"model": "big-iq adc hf2",
"scope": "ne",
"trust": 0.3,
"vendor": "f5",
"version": "4.5"
}
],
"sources": [
{
"db": "BID",
"id": "75943"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4637"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "75943"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4637",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-4637",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-82598",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4637",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-624",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-82598",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-4637",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82598"
},
{
"db": "VULMON",
"id": "CVE-2015-4637"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name. Supplementary information : CWE Vulnerability type by CWE-17: Code ( code ) Has been identified. Multiple F5 BIG-IP products are prone to an authentication-bypass vulnerability. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. F5 BIG-IQ Cloud, etc. Cloud is a component that provides iApp lifecycle management and BIG-IP deployment in public and private clouds. Device is a component that provides device inventory, status, backup, update, upgrade and license management. Security is a centralized management component that provides F5 AFM and ASM security solutions. The following products and versions are affected: F5 BIG-IQ Cloud 4.4.0 to 4.5.0, Device 4.4.0 to 4.5.0, Security 4.4.0 to 4.5.0, ADC 4.5.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"db": "BID",
"id": "75943"
},
{
"db": "VULHUB",
"id": "VHN-82598"
},
{
"db": "VULMON",
"id": "CVE-2015-4637"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4637",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201507-624",
"trust": 0.7
},
{
"db": "BID",
"id": "75943",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-82598",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-4637",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82598"
},
{
"db": "VULMON",
"id": "CVE-2015-4637"
},
{
"db": "BID",
"id": "75943"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
]
},
"id": "VAR-201507-0341",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-82598"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:09:10.502000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SOL16861: BIG-IQ remote authentication vulnerability CVE-2015-4637",
"trust": 0.8,
"url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-17",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82598"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"db": "NVD",
"id": "CVE-2015-4637"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4637"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4637"
},
{
"trust": 0.3,
"url": "http://www.f5.com/products/big-ip/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/17.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/75943"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82598"
},
{
"db": "VULMON",
"id": "CVE-2015-4637"
},
{
"db": "BID",
"id": "75943"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-82598"
},
{
"db": "VULMON",
"id": "CVE-2015-4637"
},
{
"db": "BID",
"id": "75943"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-82598"
},
{
"date": "2015-07-16T00:00:00",
"db": "VULMON",
"id": "CVE-2015-4637"
},
{
"date": "2015-07-06T00:00:00",
"db": "BID",
"id": "75943"
},
{
"date": "2015-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"date": "2015-07-16T14:59:04.823000",
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"date": "2015-07-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-82598"
},
{
"date": "2015-07-21T00:00:00",
"db": "VULMON",
"id": "CVE-2015-4637"
},
{
"date": "2015-07-06T00:00:00",
"db": "BID",
"id": "75943"
},
{
"date": "2015-07-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003879"
},
{
"date": "2015-07-21T15:13:17",
"db": "NVD",
"id": "CVE-2015-4637"
},
{
"date": "2015-07-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural F5 BIG-IQ Series products REST API Vulnerable to obtaining an authentication token for arbitrary users",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003879"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-624"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.