Skip to main content

Big Ip Webaccelerator CVE-2014-2928

HIGH
2014-05-12 cret@cert.org
7.1
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:H/Au:S/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:H/Au:S/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
High
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
May 12, 2014 - 14:55 cve.org
HIGH 7.1

DescriptionCVE.org

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.

AnalysisAI

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 64.6%.

Technical ContextAI

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request. Affected products include: F5 Big-Ip Webaccelerator, F5 Big-Ip Local Traffic Manager, F5 Big-Ip Protocol Security Module, F5 Big-Ip Link Controller, F5 Big-Ip Application Security Manager. Version information: through 10.2.4.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2015-3628 CRITICAL POC
9.0 Dec 07

The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.

CVE-2025-20029 HIGH
8.7 Feb 05

F5 BIG-IP contains an authenticated command injection in the iControl REST API and TMOS Shell (tmsh) save command. Authe

CVE-2023-46747 CRITICAL POC
9.8 Oct 26

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BI

CVE-2014-2927 CRITICAL POC
9.3 Oct 15

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before

CVE-2019-10744 CRITICAL POC
9.1 Jul 26

Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. Rated critical severity (CVSS 9.1), this vu

CVE-2023-46748 HIGH POC
8.8 Oct 26

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated

CVE-2024-45844 HIGH POC
8.6 Oct 16

BIG-IP monitor functionality may allow an attacker to bypass access control restrictions, regardless of the port lockdow

CVE-2015-4047 HIGH POC
7.8 May 29

racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and

CVE-2019-6974 HIGH POC
8.1 Feb 15

In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because

CVE-2019-9075 HIGH POC
7.8 Feb 24

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. R

CVE-2018-14634 HIGH POC
7.8 Sep 25

An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. Rated high severity (CVSS 7.8), t

CVE-2018-13405 HIGH POC
7.8 Jul 06

The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an

Share

CVE-2014-2928 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy