CVE-2014-2928

🗓️ 12 May 2014 14:00:00Reported by certccType

cve🔗 web.nvd.nist.gov👁 67 Views🌐 WEB

F5 BIG-IP products 10.0.0-11.5.1, AAM, AFM, PEM, Analytics, Enterprise Manager, BIG-IQ Cloud, Device, and Security 4.0-4.3.0 allows remote code execution via shell metacharacters

Reporter	Title	Published	Views	Family All 16
0day.today	F5 iControl Remote Command Execution Vulnerability	9 May 201400:00	–	zdt
0day.today	F5 iControl Remote Root Command Execution Exploit	9 Oct 201400:00	–	zdt
Circl	CVE-2014-2928	9 Oct 201400:00	–	circl
Check Point Advisories	F5 Multiple Products iControl API hostname Remote Command Execution (CVE-2014-2928)	9 Nov 201400:00	–	checkpoint_advisories
Cvelist	CVE-2014-2928	12 May 201414:00	–	cvelist
Exploit DB	F5 iControl - Remote Command Execution (Metasploit)	9 Oct 201400:00	–	exploitdb
F5 Networks	K15220: iControl vulnerability CVE-2014-2928	21 Feb 202319:34	–	f5
F5 Networks	SOL15220 - iControl vulnerability CVE-2014-2928	7 May 201400:00	–	f5
Tenable Nessus	F5 Networks BIG-IP : iControl vulnerability (K15220)	10 Oct 201400:00	–	nessus
Metasploit	F5 iControl Remote Root Command Execution	27 Sep 201415:40	–	metasploit

NVD

Node

f5 big-ip_webacceleratorMatch9.4.0

f5 big-ip_webacceleratorMatch9.4.1

f5 big-ip_webacceleratorMatch9.4.2

f5 big-ip_webacceleratorMatch9.4.3

f5 big-ip_webacceleratorMatch9.4.4

f5 big-ip_webacceleratorMatch9.4.5

f5 big-ip_webacceleratorMatch9.4.6

f5 big-ip_webacceleratorMatch9.4.7

f5 big-ip_webacceleratorMatch9.4.8

f5 big-ip_webacceleratorMatch10.0.0

f5 big-ip_webacceleratorMatch10.0.1

f5 big-ip_webacceleratorMatch10.1.0

f5 big-ip_webacceleratorMatch10.2.0

f5 big-ip_webacceleratorMatch10.2.1

f5 big-ip_webacceleratorMatch10.2.2

f5 big-ip_webacceleratorMatch10.2.3

f5 big-ip_webacceleratorMatch10.2.4

f5 big-ip_webacceleratorMatch11.0.0

f5 big-ip_webacceleratorMatch11.1.0

f5 big-ip_webacceleratorMatch11.2.0

f5 big-ip_webacceleratorMatch11.2.1

f5 big-ip_webacceleratorMatch11.3.0

Node

f5 big-ip_local_traffic_managerMatch10.0.0

f5 big-ip_local_traffic_managerMatch10.0.1

f5 big-ip_local_traffic_managerMatch10.1.0

f5 big-ip_local_traffic_managerMatch10.2.0

f5 big-ip_local_traffic_managerMatch10.2.1

f5 big-ip_local_traffic_managerMatch10.2.2

f5 big-ip_local_traffic_managerMatch11.0.0

Node

f5 big-ip_protocol_security_moduleMatch9.4.5

f5 big-ip_protocol_security_moduleMatch9.4.6

f5 big-ip_protocol_security_moduleMatch9.4.7

f5 big-ip_protocol_security_moduleMatch9.4.8

f5 big-ip_protocol_security_moduleMatch10.0.0

f5 big-ip_protocol_security_moduleMatch10.0.1

f5 big-ip_protocol_security_moduleMatch10.1.0

f5 big-ip_protocol_security_moduleMatch10.2.0

f5 big-ip_protocol_security_moduleMatch10.2.1

f5 big-ip_protocol_security_moduleMatch10.2.2

f5 big-ip_protocol_security_moduleMatch10.2.3

f5 big-ip_protocol_security_moduleMatch10.2.4

f5 big-ip_protocol_security_moduleMatch11.0.0

f5 big-ip_protocol_security_moduleMatch11.1.0

f5 big-ip_protocol_security_moduleMatch11.2.0

f5 big-ip_protocol_security_moduleMatch11.2.1

f5 big-ip_protocol_security_moduleMatch11.3.0

f5 big-ip_protocol_security_moduleMatch11.4.0

f5 big-ip_protocol_security_moduleMatch11.4.1

Node

f5 big-ip_link_controllerMatch10.0.0

f5 big-ip_link_controllerMatch10.0.1

f5 big-ip_link_controllerMatch10.1.0

f5 big-ip_link_controllerMatch10.2.0

f5 big-ip_link_controllerMatch10.2.1

f5 big-ip_link_controllerMatch10.2.2

f5 big-ip_link_controllerMatch11.0.0

Node

f5 big-ip_application_security_managerMatch10.0.0

f5 big-ip_application_security_managerMatch10.0.1

f5 big-ip_application_security_managerMatch10.1.0

f5 big-ip_application_security_managerMatch10.2.0

f5 big-ip_application_security_managerMatch10.2.1

f5 big-ip_application_security_managerMatch10.2.2

f5 big-ip_application_security_managerMatch11.0.0

Node

f5 big-ip_global_traffic_managerMatch10.0.0

f5 big-ip_global_traffic_managerMatch10.0.1

f5 big-ip_global_traffic_managerMatch10.1.0

f5 big-ip_global_traffic_managerMatch10.2.0

f5 big-ip_global_traffic_managerMatch10.2.1

f5 big-ip_global_traffic_managerMatch10.2.2

f5 big-ip_global_traffic_managerMatch11.0.0

Node

f5 big-ip_wan_optimization_managerMatch10.0.0

f5 big-ip_wan_optimization_managerMatch10.0.1

f5 big-ip_wan_optimization_managerMatch10.1.0

f5 big-ip_wan_optimization_managerMatch10.2.0

f5 big-ip_wan_optimization_managerMatch10.2.1

f5 big-ip_wan_optimization_managerMatch10.2.2

f5 big-ip_wan_optimization_managerMatch11.0.0

Node

f5 big-ip_access_policy_managerMatch10.1.0

f5 big-ip_access_policy_managerMatch10.2.0

f5 big-ip_access_policy_managerMatch10.2.1

f5 big-ip_access_policy_managerMatch10.2.2

f5 big-ip_access_policy_managerMatch11.0.0

Node

f5 big-ip_edge_gatewayMatch10.1.0

f5 big-ip_edge_gatewayMatch10.2.0

f5 big-ip_edge_gatewayMatch10.2.1

f5 big-ip_edge_gatewayMatch10.2.2

f5 big-ip_edge_gatewayMatch11.0.0

Source	Link
exploit-db	www.exploit-db.com/exploits/34927
osvdb	www.osvdb.org/106728
support	www.support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html
seclists	www.seclists.org/fulldisclosure/2014/May/32

Parameter	Position	Path	Description	CWE
hostname	request body	iControl/iControlPortal.cgi	Remote command execution via the hostname field in the iControl SOAP request used by the iControlPortal.cgi endpoint.

06 May 2026 22:30Current

7.5High risk

Vulners AI Score7.5

CVSS 27.1

EPSS0.64597

f5 big-ip ltm apm asm gtm link controller psm aam afm pem analytics enterprise manager big-iq cloud device security remote code execution cve-2014-2928