Lucene search
K

30 matches found

CVE
CVE
added 2017/10/27 2:0 p.m.59 views

CVE-2017-6161

CVE-2017-6161 affects F5 BIG-IP ConfigSync (mcpd) across multiple modules (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator). Vulnerable versions include 12.0.0–12.1.2, 11.6.0–11.6.1, 11.4.0–11.5.4, and 11.2.1, where ConfigSync can bypass TLS protec...

5.3CVSS5.2AI score0.00971EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2017/10/27 12:0 a.m.31 views

F5 Networks BIG-IP : ConfigSync mcpd vulnerability (K62279530)

When configuration synchronization ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypt and authenticate connections to mcpd. CVE-2017-6161 Impact This vulnerability may allow remote attackers to cause a denial-of-service DoS...

5.3CVSS5.8AI score0.00971EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/01/19 12:0 a.m.31 views

Multiple F5 Networks Products - ConfigSync IP Rsync full file system access vulnerability CVE-2014-2927 - Active Check

Multiple F5 Networks Products are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3CVSS5.5AI score0.0792EPSS
Exploits5References2
Prion
Prion
added 2014/10/15 2:55 p.m.31 views

Authentication flaw

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remo...

9.3CVSS7.1AI score0.0792EPSS
Exploits5References3Affected Software19
Tenable Nessus
Tenable Nessus
added 2014/10/14 12:0 a.m.74 views

F5 Networks rsync RCE

The rsync daemon on the remote F5 Networks host is affected by an authentication bypass vulnerability when configured in failover mode. An unauthenticated, remote attacker can exploit this, via a cmi request to the ConfigSync IP address, to read or write arbitrary files. Nessus was able to confir...

9.3CVSS6.1AI score0.0792EPSS
Exploits5References3
Tenable Nessus
Tenable Nessus
added 2014/10/10 12:0 a.m.38 views

F5 Networks BIG-IP : ConfigSync IP Rsync full file system access vulnerability (K15236)

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remo...

9.3CVSS5.5AI score0.0792EPSS
Exploits5References2
Saint
Saint
added 2014/09/02 12:0 a.m.83 views

F5 rsync daemon ConfigSync interface cmi module vulnerability

Added: 09/02/2014 CVE: CVE-2014-2927 BID: 69461 OSVDB: 110595 Background F5 BIG-IP is a suite of security, availability and acceleration products. Problem When configured to support failover, multiple BIG-IP products are vulnerable to an unauthenticated rsync access vulnerability that can be...

9.3CVSS7.3AI score0.0792EPSS
Exploits5
Saint
Saint
added 2014/09/02 12:0 a.m.40 views

F5 rsync daemon ConfigSync interface cmi module vulnerability

Added: 09/02/2014 CVE: CVE-2014-2927 BID: 69461 OSVDB: 110595 Background F5 BIG-IP is a suite of security, availability and acceleration products. Problem When configured to support failover, multiple BIG-IP products are vulnerable to an unauthenticated rsync access vulnerability that can be...

9.3CVSS7.3AI score0.0792EPSS
Exploits5
Exploit DB
Exploit DB
added 2014/08/29 12:0 a.m.50 views

F5 Big-IP - rsync Access

When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. The BigIP platform configures an rsync daemon listening on the ConfigSync...

7.4AI score
Exploits0
F5 Networks
F5 Networks
added 2014/08/28 12:0 a.m.57 views

SOL15236 - ConfigSync IP Rsync full file system access vulnerability CVE-2014-2927

Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...

9.3CVSS6.2AI score0.0792EPSS
Exploits5References7
Rows per page
Query Builder