2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
8.6%
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.
*This vulnerability affects only 32-bit based systems. To determine if your BIG-IP device is a 32-bit based system, you can type the following command from the BIG-IP command line:
uname -m
32-bit systems will return i686 or** i386** and 64-bit systems will returnx86_64.
Recommended Action
The F5 vulnerability severity has been marked as LOW due to the requirement that the attacker has local access and exposes partial confidentiality and/or integrity.
To mitigate this vulnerability for the BIG-IP system, you should permit management access to F5 products only over a secure network, and limit shell access to trusted users. For more information, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.
Supplemental Information
support.f5.com/kb/en-us/solutions/public/0000/100/sol167.html
support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html
support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html