7.6 High
AI Score
Confidence
High
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.067 Low
EPSS
Percentile
93.2%
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory
. (
CVE-2013-6435
)
Impact
In normal BIG-IP operation, F5 does not support system administrators installing RPM packages. An attacker with local-only access can trigger this condition. The necessary steps to achieve this condition require that the user have system shell access and the ability to load files onto the BIG-IP system.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip afm | eq | 11.3.0 | |
big-ip afm | eq | 11.4.0 | |
big-ip afm | eq | 11.4.1 | |
big-ip afm | eq | 11.5.0 | |
big-ip afm | eq | 11.5.1 | |
big-ip afm | eq | 11.5.2 | |
big-ip afm | eq | 11.5.3 | |
big-ip afm | eq | 11.5.4 | |
big-ip afm | eq | 11.6.0 | |
big-ip afm | eq | 11.6.1 |