Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.1
CVE Id CVE-2014-2928
Last Modified 18 Nov 2014 10:00:45
Published 12 May 2014 10:55:06
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2014-2928

Summary

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, and WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.

Vulnerable Systems

Application

  • F5 Big-ip Access Policy Manager 10.1.0

  • F5 Big-ip Access Policy Manager 10.2.0

  • F5 Big-ip Access Policy Manager 10.2.1

  • F5 Big-ip Access Policy Manager 10.2.2

  • F5 Big-ip Access Policy Manager 11.0.0

  • F5 Big-ip Application Security Manager 10.0.0

  • F5 Big-ip Application Security Manager 10.0.1

  • F5 Big-ip Application Security Manager 10.1.0

  • F5 Big-ip Application Security Manager 10.2.0

  • F5 Big-ip Application Security Manager 10.2.1

  • F5 Big-ip Application Security Manager 10.2.2

  • F5 Big-ip Application Security Manager 11.0.0

  • F5 Big-ip Edge Gateway 10.1.0

  • F5 Big-ip Edge Gateway 10.2.0

  • F5 Big-ip Edge Gateway 10.2.1

  • F5 Big-ip Edge Gateway 10.2.2

  • F5 Big-ip Edge Gateway 11.0.0

  • F5 Big-ip Global Traffic Manager 10.0.0

  • F5 Big-ip Global Traffic Manager 10.0.1

  • F5 Big-ip Global Traffic Manager 10.1.0

  • F5 Big-ip Global Traffic Manager 10.2.0

  • F5 Big-ip Global Traffic Manager 10.2.1

  • F5 Big-ip Global Traffic Manager 10.2.2

  • F5 Big-ip Global Traffic Manager 11.0.0

  • F5 Big-ip Link Controller 10.0.0

  • F5 Big-ip Link Controller 10.0.1

  • F5 Big-ip Link Controller 10.1.0

  • F5 Big-ip Link Controller 10.2.0

  • F5 Big-ip Link Controller 10.2.1

  • F5 Big-ip Link Controller 10.2.2

  • F5 Big-ip Link Controller 11.0.0

  • F5 Big-ip Local Traffic Manager 10.0.0

  • F5 Big-ip Local Traffic Manager 10.0.1

  • F5 Big-ip Local Traffic Manager 10.1.0

  • F5 Big-ip Local Traffic Manager 10.2.0

  • F5 Big-ip Local Traffic Manager 10.2.1

  • F5 Big-ip Local Traffic Manager 10.2.2

  • F5 Big-ip Local Traffic Manager 11.0.0

  • F5 Big-ip Protocol Security Module 10.0.0

  • F5 Big-ip Protocol Security Module 10.0.1

  • F5 Big-ip Protocol Security Module 10.1.0

  • F5 Big-ip Protocol Security Module 10.2.0

  • F5 Big-ip Protocol Security Module 10.2.1

  • F5 Big-ip Protocol Security Module 10.2.2

  • F5 Big-ip Protocol Security Module 10.2.3

  • F5 Big-ip Protocol Security Module 10.2.4

  • F5 Big-ip Protocol Security Module 11.0.0

  • F5 Big-ip Protocol Security Module 11.1.0

  • F5 Big-ip Protocol Security Module 11.2.0

  • F5 Big-ip Protocol Security Module 11.2.1

  • F5 Big-ip Protocol Security Module 11.3.0

  • F5 Big-ip Protocol Security Module 11.4.0

  • F5 Big-ip Protocol Security Module 11.4.1

  • F5 Big-ip Protocol Security Module 9.4.5

  • F5 Big-ip Protocol Security Module 9.4.6

  • F5 Big-ip Protocol Security Module 9.4.7

  • F5 Big-ip Protocol Security Module 9.4.8

  • F5 Big-ip Wan Optimization Manager 10.0.0

  • F5 Big-ip Wan Optimization Manager 10.0.1

  • F5 Big-ip Wan Optimization Manager 10.1.0

  • F5 Big-ip Wan Optimization Manager 10.2.0

  • F5 Big-ip Wan Optimization Manager 10.2.1

  • F5 Big-ip Wan Optimization Manager 10.2.2

  • F5 Big-ip Wan Optimization Manager 11.0.0

  • F5 Big-ip Webaccelerator 10.0.0

  • F5 Big-ip Webaccelerator 10.0.1

  • F5 Big-ip Webaccelerator 10.1.0

  • F5 Big-ip Webaccelerator 10.2.0

  • F5 Big-ip Webaccelerator 10.2.1

  • F5 Big-ip Webaccelerator 10.2.2

  • F5 Big-ip Webaccelerator 10.2.3

  • F5 Big-ip Webaccelerator 10.2.4

  • F5 Big-ip Webaccelerator 11.0.0

  • F5 Big-ip Webaccelerator 11.1.0

  • F5 Big-ip Webaccelerator 11.2.0

  • F5 Big-ip Webaccelerator 11.2.1

  • F5 Big-ip Webaccelerator 11.3.0

  • F5 Big-ip Webaccelerator 9.4.0

  • F5 Big-ip Webaccelerator 9.4.1

  • F5 Big-ip Webaccelerator 9.4.2

  • F5 Big-ip Webaccelerator 9.4.3

  • F5 Big-ip Webaccelerator 9.4.4

  • F5 Big-ip Webaccelerator 9.4.5

  • F5 Big-ip Webaccelerator 9.4.6

  • F5 Big-ip Webaccelerator 9.4.7

  • F5 Big-ip Webaccelerator 9.4.8


References

CONFIRM - http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html

FULLDISC - 20140507 Moar F5 fun in iControl API

OSVDB - 106728

EXPLOIT-DB - 34927


Last Updated: 27 May 2016 11:05:16