Skip to main content

Big Ip Local Traffic Manager CVE-2014-8727

MEDIUM
Path Traversal (CWE-22)
2014-11-17 cve@mitre.org
6.2
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.2 MEDIUM
AV:L/AC:L/Au:S/C:N/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:L/AC:L/Au:S/C:N/I:C/A:C
Attack Vector
Local
Attack Complexity
Low
Confidentiality
None
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Nov 17, 2014 - 16:59 cve.org
MEDIUM 6.2

DescriptionCVE.org

Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form.

AnalysisAI

Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. Rated medium severity (CVSS 6.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form. Affected products include: F5 Big-Ip Local Traffic Manager. Version information: before 10.2.2.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2012-1493 HIGH POC
7.8 Jul 09

F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x before 11.0.0-HF2, and 11.1.x before 11.1.0-HF3, a

CVE-2015-3628 CRITICAL POC
9.0 Dec 07

The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.

CVE-2015-7547 HIGH POC
8.1 Feb 18

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C

CVE-2014-2928 HIGH POC
7.1 May 12

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5

CVE-2016-9244 HIGH POC
7.5 Feb 09

A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may

CVE-2025-20029 HIGH
8.7 Feb 05

F5 BIG-IP contains an authenticated command injection in the iControl REST API and TMOS Shell (tmsh) save command. Authe

CVE-2023-46747 CRITICAL POC
9.8 Oct 26

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BI

CVE-2022-1388 CRITICAL POC
9.8 May 05

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13

CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2022-41622 HIGH POC
8.8 Dec 07

In all versions, BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. Ra

CVE-2022-41800 HIGH POC
8.7 Dec 07

In all versions of BIG-IP, when running in Appliance mode, an authenticated user assigned the Administrator role may be

CVE-2016-5700 CRITICAL POC
9.8 Oct 03

Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 1

Share

CVE-2014-8727 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy