Vulnerability CVE-2015-7394


Published: 2015-11-06

Description:
The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0 through 11.6.0, BIG-IP PSM 11.1.0 through 11.4.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ ADC 4.5.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to cause a denial of service or gain privileges by leveraging permission to upload and execute code.

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

CVSS2 => (AV:N/AC:L/Au:S/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
10/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
F5 -> Big-iq device 
F5 -> Big-ip access policy manager 
F5 -> Big-iq security 
F5 -> Big-ip advanced firewall manager 
F5 -> Big-ip protocol security manager 
F5 -> Big-ip analytics 
F5 -> Big-ip protocol security module 
F5 -> Big-ip application acceleration manager 
F5 -> Big-ip application security manager 
F5 -> Big-ip edge gateway 
F5 -> Big-ip enterprise manager 
F5 -> Big-ip global traffic manager 
F5 -> Big-ip link controller 
F5 -> Big-ip local traffic manager 
F5 -> Big-ip policy enforcement manager 
F5 -> Big-ip wan optimization manager 
F5 -> Big-ip webaccelerator 
F5 -> Big-iq adc 
F5 -> Big-iq cloud 

 References:
http://www.securitytracker.com/id/1034025
http://www.securitytracker.com/id/1034026
https://support.f5.com/kb/en-us/solutions/public/17000/400/sol17407.html

Copyright 2024, cxsecurity.com

 

Back to Top