Lucene search
K

7 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:52 p.m.33 views

K16728: iCall privilege escalation vulnerability CVE-2015-3628

Security Advisory Description An authenticated user, with Resource Administrator role permissions, is able to use iCall scripts and associated handlers to create and modify user account properties. CVE-2015-3628 Impact An authenticated user with limited access Resource Administration may be able ...

9CVSS6.6AI score0.68483EPSS
Exploits5Affected Software18
Check Point Advisories
Check Point Advisories
added 2017/01/19 12:0 a.m.17 views

F5 Multiple Products iControl iCall Script Privilege Escalation (CVE-2015-3628)

A privilege escalation vulnerability exists in the iControl API in multiple F5 products. The vulnerability is due to insufficient validation of iCall scripts in incomming SOAP requests. A remote, authenticated attacker can exploit this vulnerability by sending malicious SOAP requests to the serve...

9CVSS3.2AI score0.68483EPSS
Exploits5
CVE
CVE
added 2015/12/07 8:0 p.m.92 views

CVE-2015-3628

CVE-2015-3628 covers an authenticated privilege-escalation in the F5 iControl API (iCall) that allows a user with the Resource Administrator role to gain higher privileges via a crafted iCall script or handler in a SOAP request to iControl/iControlPortal.cgi. Technical details across connected do...

9CVSS6.5AI score0.68483EPSS
Exploits5References7Affected Software1
myhack58
myhack58
added 2015/12/04 12:0 a.m.13 views

Use the F5 ICall scripting mention the right vulnerability analysis(CVE-2 0 1 5-3 6 2 8)-vulnerability warning-the black bar safety net

Earlier this year, GDS in F5 BIG-IP LTM found a loophole, this loophole allows limited user access to the system after the extraction and at the mention of the right after the successful remote execution of the command. This article will show you how to manually take advantage of this...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2015/11/19 12:0 a.m.52 views

F5 iControl - 'iCall::Script' Root Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'nokogiri' class Metasploit3 "http://schemas.xmlsoap.org/soap/encoding/" STRINGATTRS = 'xsi:type' = 'urn:Common.StringSequence',...

9CVSS7AI score0.68483EPSS
Exploits5
OpenVAS
OpenVAS
added 2015/09/07 12:0 a.m.31 views

F5 BIG-IP - iCall privilege escalation vulnerability CVE-2015-3628

F5 BIG-IP is prone to a privilege escalation vulnerability SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/h:f5:big-ip"; if...

9CVSS5.2AI score0.68483EPSS
Exploits5References1
Tenable Nessus
Tenable Nessus
added 2015/09/04 12:0 a.m.35 views

F5 Networks BIG-IP : iCall privilege escalation vulnerability (K16728)

An authenticated user, with Resource Administrator role permissions, is able to use iCall scripts and associated handlers to create and modify user account properties. CVE-2015-3628 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from F5...

9CVSS5.4AI score0.68483EPSS
Exploits5References2
Rows per page
Query Builder