Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-2928

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.

Published

2014-05-12T14:55:06.587

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.1 (HIGH)

CVSSv2 Vector

AV:N/AC:H/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: HIGH
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application f5 big-ip_webaccelerator 9.4.0 Yes
Application f5 big-ip_webaccelerator 9.4.1 Yes
Application f5 big-ip_webaccelerator 9.4.2 Yes
Application f5 big-ip_webaccelerator 9.4.3 Yes
Application f5 big-ip_webaccelerator 9.4.4 Yes
Application f5 big-ip_webaccelerator 9.4.5 Yes
Application f5 big-ip_webaccelerator 9.4.6 Yes
Application f5 big-ip_webaccelerator 9.4.7 Yes
Application f5 big-ip_webaccelerator 9.4.8 Yes
Application f5 big-ip_webaccelerator 10.0.0 Yes
Application f5 big-ip_webaccelerator 10.0.1 Yes
Application f5 big-ip_webaccelerator 10.1.0 Yes
Application f5 big-ip_webaccelerator 10.2.0 Yes
Application f5 big-ip_webaccelerator 10.2.1 Yes
Application f5 big-ip_webaccelerator 10.2.2 Yes
Application f5 big-ip_webaccelerator 10.2.3 Yes
Application f5 big-ip_webaccelerator 10.2.4 Yes
Application f5 big-ip_webaccelerator 11.0.0 Yes
Application f5 big-ip_webaccelerator 11.1.0 Yes
Application f5 big-ip_webaccelerator 11.2.0 Yes
Application f5 big-ip_webaccelerator 11.2.1 Yes
Application f5 big-ip_webaccelerator 11.3.0 Yes
Application f5 big-ip_local_traffic_manager 10.0.0 Yes
Application f5 big-ip_local_traffic_manager 10.0.1 Yes
Application f5 big-ip_local_traffic_manager 10.1.0 Yes
Application f5 big-ip_local_traffic_manager 10.2.0 Yes
Application f5 big-ip_local_traffic_manager 10.2.1 Yes
Application f5 big-ip_local_traffic_manager 10.2.2 Yes
Application f5 big-ip_local_traffic_manager 11.0.0 Yes
Application f5 big-ip_protocol_security_module 9.4.5 Yes
Application f5 big-ip_protocol_security_module 9.4.6 Yes
Application f5 big-ip_protocol_security_module 9.4.7 Yes
Application f5 big-ip_protocol_security_module 9.4.8 Yes
Application f5 big-ip_protocol_security_module 10.0.0 Yes
Application f5 big-ip_protocol_security_module 10.0.1 Yes
Application f5 big-ip_protocol_security_module 10.1.0 Yes
Application f5 big-ip_protocol_security_module 10.2.0 Yes
Application f5 big-ip_protocol_security_module 10.2.1 Yes
Application f5 big-ip_protocol_security_module 10.2.2 Yes
Application f5 big-ip_protocol_security_module 10.2.3 Yes
Application f5 big-ip_protocol_security_module 10.2.4 Yes
Application f5 big-ip_protocol_security_module 11.0.0 Yes
Application f5 big-ip_protocol_security_module 11.1.0 Yes
Application f5 big-ip_protocol_security_module 11.2.0 Yes
Application f5 big-ip_protocol_security_module 11.2.1 Yes
Application f5 big-ip_protocol_security_module 11.3.0 Yes
Application f5 big-ip_protocol_security_module 11.4.0 Yes
Application f5 big-ip_protocol_security_module 11.4.1 Yes
Application f5 big-ip_link_controller 10.0.0 Yes
Application f5 big-ip_link_controller 10.0.1 Yes
Application f5 big-ip_link_controller 10.1.0 Yes
Application f5 big-ip_link_controller 10.2.0 Yes
Application f5 big-ip_link_controller 10.2.1 Yes
Application f5 big-ip_link_controller 10.2.2 Yes
Application f5 big-ip_link_controller 11.0.0 Yes
Application f5 big-ip_application_security_manager 10.0.0 Yes
Application f5 big-ip_application_security_manager 10.0.1 Yes
Application f5 big-ip_application_security_manager 10.1.0 Yes
Application f5 big-ip_application_security_manager 10.2.0 Yes
Application f5 big-ip_application_security_manager 10.2.1 Yes
Application f5 big-ip_application_security_manager 10.2.2 Yes
Application f5 big-ip_application_security_manager 11.0.0 Yes
Application f5 big-ip_global_traffic_manager 10.0.0 Yes
Application f5 big-ip_global_traffic_manager 10.0.1 Yes
Application f5 big-ip_global_traffic_manager 10.1.0 Yes
Application f5 big-ip_global_traffic_manager 10.2.0 Yes
Application f5 big-ip_global_traffic_manager 10.2.1 Yes
Application f5 big-ip_global_traffic_manager 10.2.2 Yes
Application f5 big-ip_global_traffic_manager 11.0.0 Yes
Application f5 big-ip_wan_optimization_manager 10.0.0 Yes
Application f5 big-ip_wan_optimization_manager 10.0.1 Yes
Application f5 big-ip_wan_optimization_manager 10.1.0 Yes
Application f5 big-ip_wan_optimization_manager 10.2.0 Yes
Application f5 big-ip_wan_optimization_manager 10.2.1 Yes
Application f5 big-ip_wan_optimization_manager 10.2.2 Yes
Application f5 big-ip_wan_optimization_manager 11.0.0 Yes
Application f5 big-ip_access_policy_manager 10.1.0 Yes
Application f5 big-ip_access_policy_manager 10.2.0 Yes
Application f5 big-ip_access_policy_manager 10.2.1 Yes
Application f5 big-ip_access_policy_manager 10.2.2 Yes
Application f5 big-ip_access_policy_manager 11.0.0 Yes
Application f5 big-ip_edge_gateway 10.1.0 Yes
Application f5 big-ip_edge_gateway 10.2.0 Yes
Application f5 big-ip_edge_gateway 10.2.1 Yes
Application f5 big-ip_edge_gateway 10.2.2 Yes
Application f5 big-ip_edge_gateway 11.0.0 Yes
References