30 matches found
CVE-2017-6161
CVE-2017-6161 affects F5 BIG-IP ConfigSync (mcpd) across multiple modules (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator). Vulnerable versions include 12.0.0–12.1.2, 11.6.0–11.6.1, 11.4.0–11.5.4, and 11.2.1, where ConfigSync can bypass TLS protec...
F5 Networks BIG-IP : ConfigSync mcpd vulnerability (K62279530)
When configuration synchronization ConfigSync is configured, attackers on adjacent networks may be able to bypass the TLS protections usually used to encrypt and authenticate connections to mcpd. CVE-2017-6161 Impact This vulnerability may allow remote attackers to cause a denial-of-service DoS...
Multiple F5 Networks Products - ConfigSync IP Rsync full file system access vulnerability CVE-2014-2927 - Active Check
Multiple F5 Networks Products are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Authentication flaw
The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remo...
F5 Networks rsync RCE
The rsync daemon on the remote F5 Networks host is affected by an authentication bypass vulnerability when configured in failover mode. An unauthenticated, remote attacker can exploit this, via a cmi request to the ConfigSync IP address, to read or write arbitrary files. Nessus was able to confir...
F5 Networks BIG-IP : ConfigSync IP Rsync full file system access vulnerability (K15236)
The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remo...
F5 rsync daemon ConfigSync interface cmi module vulnerability
Added: 09/02/2014 CVE: CVE-2014-2927 BID: 69461 OSVDB: 110595 Background F5 BIG-IP is a suite of security, availability and acceleration products. Problem When configured to support failover, multiple BIG-IP products are vulnerable to an unauthenticated rsync access vulnerability that can be...
F5 rsync daemon ConfigSync interface cmi module vulnerability
Added: 09/02/2014 CVE: CVE-2014-2927 BID: 69461 OSVDB: 110595 Background F5 BIG-IP is a suite of security, availability and acceleration products. Problem When configured to support failover, multiple BIG-IP products are vulnerable to an unauthenticated rsync access vulnerability that can be...
F5 Big-IP - rsync Access
When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance. The BigIP platform configures an rsync daemon listening on the ConfigSync...
SOL15236 - ConfigSync IP Rsync full file system access vulnerability CVE-2014-2927
Recommended Action If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the table does not list any version in the column, then no upgrade candidate currently exists. To mitigate this...