CVSS2 score: 9 (High)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

EPSS: 0.003 (Low), percentile 68.9%

The BIG-IP CLI and Web Management Interface are vulnerable to remote code injection because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow an attacker to execute arbitrary code with the privileges of the user running the affected application.
Important: The exploitation risk of this vulnerability is considered to be low, as exploitation requires the user to have a valid authenticated management session. A privileged user should not paste arbitrary or untrusted commands into the BIG-IP system.
Information about this advisory is available at the following location:
Note: This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6474>
F5 Product Development tracked this issue as CR97806, and it was fixed in version 9.4.5. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, Link Controller, or WebAccelerator release notes.
CPE

Name | Operator | Version |
---|---|---|
big-ip gtm | le | 9.4.4 |
big-ip webaccelerator | le | 9.4.4 |
big-ip ltm | le | 9.6.1 |
big-ip asm | le | 9.4.4 |
big-ip link controller | le | 9.4.4 |