Lucene search

[email protected]CVE-2014-2928

HistoryMay 12, 2014 - 2:55 p.m.

CVE-2014-2928

2014-05-1214:55:06

[email protected]

web.nvd.nist.gov

big-ip

ltm

apm

asm

gtm

link controller

psm

aam

afm

pem

analytics

enterprise manager

big-iq cloud

device

security

remote code execution

cve-2014-2928

7.5 High

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:S/C:C/I:C/A:C

0.624 Medium

EPSS

Percentile

97.8%

JSON

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.

Affected configurations

NVD

Node

f5big-ip_webacceleratorMatch9.4.0

f5big-ip_webacceleratorMatch9.4.1

f5big-ip_webacceleratorMatch9.4.2

f5big-ip_webacceleratorMatch9.4.3

f5big-ip_webacceleratorMatch9.4.4

f5big-ip_webacceleratorMatch9.4.5

f5big-ip_webacceleratorMatch9.4.6

f5big-ip_webacceleratorMatch9.4.7

f5big-ip_webacceleratorMatch9.4.8

f5big-ip_webacceleratorMatch10.0.0

f5big-ip_webacceleratorMatch10.0.1

f5big-ip_webacceleratorMatch10.1.0

f5big-ip_webacceleratorMatch10.2.0

f5big-ip_webacceleratorMatch10.2.1

f5big-ip_webacceleratorMatch10.2.2

f5big-ip_webacceleratorMatch10.2.3

f5big-ip_webacceleratorMatch10.2.4

f5big-ip_webacceleratorMatch11.0.0

f5big-ip_webacceleratorMatch11.1.0

f5big-ip_webacceleratorMatch11.2.0

f5big-ip_webacceleratorMatch11.2.1

f5big-ip_webacceleratorMatch11.3.0

Node

f5big-ip_local_traffic_managerMatch10.0.0

f5big-ip_local_traffic_managerMatch10.0.1

f5big-ip_local_traffic_managerMatch10.1.0

f5big-ip_local_traffic_managerMatch10.2.0

f5big-ip_local_traffic_managerMatch10.2.1

f5big-ip_local_traffic_managerMatch10.2.2

f5big-ip_local_traffic_managerMatch11.0.0

Node

f5big-ip_protocol_security_moduleMatch9.4.5

f5big-ip_protocol_security_moduleMatch9.4.6

f5big-ip_protocol_security_moduleMatch9.4.7

f5big-ip_protocol_security_moduleMatch9.4.8

f5big-ip_protocol_security_moduleMatch10.0.0

f5big-ip_protocol_security_moduleMatch10.0.1

f5big-ip_protocol_security_moduleMatch10.1.0

f5big-ip_protocol_security_moduleMatch10.2.0

f5big-ip_protocol_security_moduleMatch10.2.1

f5big-ip_protocol_security_moduleMatch10.2.2

f5big-ip_protocol_security_moduleMatch10.2.3

f5big-ip_protocol_security_moduleMatch10.2.4

f5big-ip_protocol_security_moduleMatch11.0.0

f5big-ip_protocol_security_moduleMatch11.1.0

f5big-ip_protocol_security_moduleMatch11.2.0

f5big-ip_protocol_security_moduleMatch11.2.1

f5big-ip_protocol_security_moduleMatch11.3.0

f5big-ip_protocol_security_moduleMatch11.4.0

f5big-ip_protocol_security_moduleMatch11.4.1

Node

f5big-ip_link_controllerMatch10.0.0

f5big-ip_link_controllerMatch10.0.1

f5big-ip_link_controllerMatch10.1.0

f5big-ip_link_controllerMatch10.2.0

f5big-ip_link_controllerMatch10.2.1

f5big-ip_link_controllerMatch10.2.2

f5big-ip_link_controllerMatch11.0.0

Node

f5big-ip_application_security_managerMatch10.0.0

f5big-ip_application_security_managerMatch10.0.1

f5big-ip_application_security_managerMatch10.1.0

f5big-ip_application_security_managerMatch10.2.0

f5big-ip_application_security_managerMatch10.2.1

f5big-ip_application_security_managerMatch10.2.2

f5big-ip_application_security_managerMatch11.0.0

Node

f5big-ip_global_traffic_managerMatch10.0.0

f5big-ip_global_traffic_managerMatch10.0.1

f5big-ip_global_traffic_managerMatch10.1.0

f5big-ip_global_traffic_managerMatch10.2.0

f5big-ip_global_traffic_managerMatch10.2.1

f5big-ip_global_traffic_managerMatch10.2.2

f5big-ip_global_traffic_managerMatch11.0.0

Node

f5big-ip_wan_optimization_managerMatch10.0.0

f5big-ip_wan_optimization_managerMatch10.0.1

f5big-ip_wan_optimization_managerMatch10.1.0

f5big-ip_wan_optimization_managerMatch10.2.0

f5big-ip_wan_optimization_managerMatch10.2.1

f5big-ip_wan_optimization_managerMatch10.2.2

f5big-ip_wan_optimization_managerMatch11.0.0

Node

f5big-ip_access_policy_managerMatch10.1.0

f5big-ip_access_policy_managerMatch10.2.0

f5big-ip_access_policy_managerMatch10.2.1

f5big-ip_access_policy_managerMatch10.2.2

f5big-ip_access_policy_managerMatch11.0.0

Node

f5big-ip_edge_gatewayMatch10.1.0

f5big-ip_edge_gatewayMatch10.2.0

f5big-ip_edge_gatewayMatch10.2.1

f5big-ip_edge_gatewayMatch10.2.2

f5big-ip_edge_gatewayMatch11.0.0

CPENameOperatorVersion
f5:big-ip_webacceleratorf5 big-ip webacceleratoreq9.4.0
f5:big-ip_webacceleratorf5 big-ip webacceleratoreq9.4.1
f5:big-ip_webacceleratorf5 big-ip webacceleratoreq9.4.2
f5:big-ip_webacceleratorf5 big-ip webacceleratoreq9.4.3
f5:big-ip_webacceleratorf5 big-ip webacceleratoreq9.4.4
f5:big-ip_webacceleratorf5 big-ip webacceleratoreq9.4.5
f5:big-ip_webacceleratorf5 big-ip webacceleratoreq9.4.6
f5:big-ip_webacceleratorf5 big-ip webacceleratoreq9.4.7
f5:big-ip_webacceleratorf5 big-ip webacceleratoreq9.4.8
f5:big-ip_webacceleratorf5 big-ip webacceleratoreq10.0.0

CPE	Name	Operator	Version
f5:big-ip_webaccelerator	f5 big-ip webaccelerator	eq	9.4.0
f5:big-ip_webaccelerator	f5 big-ip webaccelerator	eq	9.4.1
f5:big-ip_webaccelerator	f5 big-ip webaccelerator	eq	9.4.2
f5:big-ip_webaccelerator	f5 big-ip webaccelerator	eq	9.4.3
f5:big-ip_webaccelerator	f5 big-ip webaccelerator	eq	9.4.4
f5:big-ip_webaccelerator	f5 big-ip webaccelerator	eq	9.4.5
f5:big-ip_webaccelerator	f5 big-ip webaccelerator	eq	9.4.6
f5:big-ip_webaccelerator	f5 big-ip webaccelerator	eq	9.4.7
f5:big-ip_webaccelerator	f5 big-ip webaccelerator	eq	9.4.8
f5:big-ip_webaccelerator	f5 big-ip webaccelerator	eq	10.0.0