CVE-2015-4637

2015-07-1614:59:04

CWE-17

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.002

Percentile

57.6%

JSON

The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.

Affected configurations

Nvd

Node

f5big-iq_adcMatch4.5.0

f5big-iq_cloudMatch4.4.0

f5big-iq_cloudMatch4.5.0

f5big-iq_deviceMatch4.4.0

f5big-iq_deviceMatch4.5.0

f5big-iq_securityMatch4.4.0

f5big-iq_securityMatch4.5.0

VendorProductVersionCPE
f5big-iq_adc4.5.0cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*
f5big-iq_cloud4.4.0cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*
f5big-iq_cloud4.5.0cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*
f5big-iq_device4.4.0cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*
f5big-iq_device4.5.0cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*
f5big-iq_security4.4.0cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*
f5big-iq_security4.5.0cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-iq_adc	4.5.0	cpe:2.3:a:f5:big-iq_adc:4.5.0:::::::*
f5	big-iq_cloud	4.4.0	cpe:2.3:a:f5:big-iq_cloud:4.4.0:::::::*
f5	big-iq_cloud	4.5.0	cpe:2.3:a:f5:big-iq_cloud:4.5.0:::::::*
f5	big-iq_device	4.4.0	cpe:2.3:a:f5:big-iq_device:4.4.0:::::::*
f5	big-iq_device	4.5.0	cpe:2.3:a:f5:big-iq_device:4.5.0:::::::*
f5	big-iq_security	4.4.0	cpe:2.3:a:f5:big-iq_security:4.4.0:::::::*
f5	big-iq_security	4.5.0	cpe:2.3:a:f5:big-iq_security:4.5.0:::::::*