
SOL9875 - BIG-IP management interface vulnerability CVE-2008-6474

2009-03-19 00:00:00
support.f5.com

CVSS2: 9 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.003 Low
Percentile: 68.9%

The BIG-IP CLI and Web Management Interface are vulnerable to remote code injection because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow an attacker to execute arbitrary code with the privileges of the user running the affected application.

Important: The exploitation risk of this vulnerability is considered to be low, as exploitation requires the user to have a valid authenticated management session. A privileged user should not paste arbitrary or untrusted commands into the BIG-IP system.

Information about this advisory is available at the following location:

Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6474>

F5 Product Development tracked this issue as CR97806, and it was fixed in version 9.4.5. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, Link Controller, or WebAccelerator release notes.
