Podatność CVE-2015-3628

Podatność CVE-2015-3628

Publikacja: 2015-12-07

Opis:

Typ:

(Permissions, Privileges, and Access Controls)

Ogólna skala CVSS	Znaczenie	Łatwość wykorzystania
9/10	10/10	8/10

Affected software
F5 -> Big-iq device
F5 -> Big-iq security
F5 -> Big-ip access policy manager
F5 -> Big-ip protocol security manager
F5 -> Big-ip advanced firewall manager
F5 -> Big-ip protocol security module
F5 -> Big-ip analytics
F5 -> Big-ip application acceleration manager
F5 -> Big-ip application security manager
F5 -> Big-ip edge gateway
F5 -> Big-ip enterprise manager
F5 -> Big-ip global traffic manager
F5 -> Big-ip link controller
F5 -> Big-ip local traffic manager
F5 -> Big-ip policy enforcement manager
F5 -> Big-ip wan optimization manager
F5 -> Big-ip webaccelerator
F5 -> Big-iq adc
F5 -> Big-iq cloud

http://packetstormsecurity.com/files/134434/F5-iControl-iCall-Script-Root-Command-Execution.html

http://www.rapid7.com/db/modules/exploit/linux/http/f5_icall_cmd

http://www.securitytracker.com/id/1034306

http://www.securitytracker.com/id/1034307

https://gdssecurity.squarespace.com/labs/2015/9/8/f5-icallscript-privilege-escalation-cve-2015-3628.html

https://support.f5.com/kb/en-us/solutions/public/16000/700/sol16728.html

https://www.exploit-db.com/exploits/38764/