CVE-2014-2928 - CERT CVE
ID CVE-2014-2928
Sažetak The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.
Reference
CVSS
Base: 7.1
Impact: 10.0
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK HIGH SINGLE
Impact
PovjerljivostCjelovitostDostupnost
COMPLETE COMPLETE COMPLETE
CVSS vektor AV:N/AC:H/Au:S/C:C/I:C/A:C
Zadnje važnije ažuriranje 20-11-2015 - 16:24
Objavljeno 12-05-2014 - 14:55