6 matches found
K15229: BIG-IQ / BIG-IP privilege escalation vulnerability CVE-2014-3220
Security Advisory Description F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/. CVE-2014-3220 Impact An authenticated user with limited...
F5 BIG-IP - privilege escalation vulnerability CVE-2014-3220
The remote host is missing a security patch. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if description...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3220. Reason: This candidate is a reservation duplicate of CVE-2014-3220. Notes: All CVE users should reference CVE-2014-3220 instead of this candidate. All references and descriptions in this candidate have been removed to...
F5 Networks BIG-IQ Configuration Utility Privilege Escalation
According to its version number, the remote F5 Networks BIG-IQ device is affected by a privilege escalation vulnerability that allows remote, authenticated users to change the password of other users such as the default 'root' user via a specially crafted request to the web configuration utility...
CVE-2014-3220
F5 BIG-IQ Cloud and Security 4.0.0–4.1.0 are vulnerable to CVE-2014-3220 via an authenticated user changing passwords of arbitrary users in mgmt/shared/authz/users/ due to a flaw in configuration utility access control. The advisory notes that an authenticated user with limited access could gain ...
SOL15229 - BIG-IQ / BIG-IP privilege escalation vulnerability CVE-2014-3220
If the BIG-IQ 4.1 system is used to discover a BIG-IP 11.3.0 or 11.4.0 system, an authenticated user on the BIG-IP system may be able to modify the password of another user, including an administrator. Recommended Action If the previous table lists a version in the Versions known to be not...