Details of VAR-201410-1053

ID

VAR-201410-1053

CVE

CVE-2014-2927

TITLE

plural F5 BIG-IP Product rsync Arbitrary file read vulnerability in daemon

Trust: 0.8

sources: JVNDB: JVNDB-2014-005048

DESCRIPTION

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address. Multiple F5 Networks products are prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the application. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. The following products and versions are affected: F5 BIG-IP 11.6 prior to 11.6.0, 11.5.1 prior to HF3, 11.5.0 prior to HF4, 11.4.1 prior to HF4, 11.4.0 prior to HF7, 11.3 prior to HF9. 0 version, 11.2.1 version before HF11, and 3.x version before Enterprise Manager 3.1.1 HF2

Trust: 1.98

sources: NVD: CVE-2014-2927 // JVNDB: JVNDB-2014-005048 // BID: 69461 // VULHUB: VHN-70866

AFFECTED PRODUCTS

vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.1.0	Trust: 1.6
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.1	Trust: 1.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.1	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.4.1	Trust: 1.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.6.0	Trust: 1.6
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.5.0	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.0.0	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.0.1	Trust: 1.6
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.0	Trust: 1.6
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.4.0	Trust: 1.6
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-iq security	scope:	eq	version:	4.2.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-iq security	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	arx	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-iq cloud	scope:	eq	version:	4.2.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	firepass	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	2.2.0	Trust: 1.0
vendor:	f5	model:	big-iq cloud	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-iq device	scope:	eq	version:	4.3.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	firepass	scope:	eq	version:	6.0.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-iq security	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip application acceleration manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-iq security	scope:	eq	version:	4.3.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	arx	scope:	eq	version:	6.2.0	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	2.3.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	2.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-iq cloud	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	f5	model:	big-iq cloud	scope:	eq	version:	4.3.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip policy enforcement manager	scope:	eq	version:	11.5.1	Trust: 1.0
vendor:	f5	model:	firepass	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip advanced firewall manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	arx	scope:	eq	version:	6.1.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	arx	scope:	eq	version:	6.4.0	Trust: 1.0
vendor:	f5	model:	firepass	scope:	eq	version:	6.1.0	Trust: 1.0
vendor:	f5	model:	firepass	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.4.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.6.0	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	f5	model:	big-ip wan optimization manager	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	f5	model:	big-ip analytics	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	10.2.1	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	10.2.3	Trust: 1.0
vendor:	f5	model:	big-ip webaccelerator	scope:	eq	version:	11.3.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	f5	model:	firepass	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	f5	model:	arx	scope:	eq	version:	6.3.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	arx	scope:	eq	version:	6.1.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.4.1	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	f5	model:	big-ip edge gateway	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	enterprise manager	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	11.2.1	Trust: 1.0
vendor:	f5	model:	big-ip application security manager	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip protocol security module	scope:	eq	version:	10.2.2	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	11.1.0	Trust: 1.0
vendor:	f5	model:	big-ip access policy manager	scope:	eq	version:	11.2.0	Trust: 1.0
vendor:	f5	model:	big-ip global traffic manager	scope:	eq	version:	11.5.0	Trust: 1.0
vendor:	f5	model:	big-ip local traffic manager	scope:	eq	version:	10.2.4	Trust: 1.0
vendor:	f5	model:	big-iq device	scope:	eq	version:	4.2.0	Trust: 1.0
vendor:	f5	model:	big-ip link controller	scope:	eq	version:	10.2.0	Trust: 1.0
vendor:	f5	model:	big-ip	scope:	eq	version:	access policy manager 11.0.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip	scope:	eq	version:	advanced firewall manager 11.3.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip	scope:	eq	version:	analytics 11.0.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip	scope:	eq	version:	application acceleration manager 11.4.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip	scope:	eq	version:	application security manager 11.0.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip	scope:	eq	version:	edge gateway 11.0.0 to 11.3.0	Trust: 0.8
vendor:	f5	model:	big-ip	scope:	eq	version:	global traffic manager 11.0.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip	scope:	eq	version:	link controller 11.0.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip	scope:	eq	version:	local traffic manager 11.0.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip	scope:	eq	version:	policy enforcement manager 11.3.0 to 11.5.1	Trust: 0.8
vendor:	f5	model:	big-ip	scope:	eq	version:	protocol security module 11.0.0 to 11.4.1	Trust: 0.8
vendor:	f5	model:	big-ip	scope:	eq	version:	wan optimization manager 11.0.0 to 11.3.0	Trust: 0.8
vendor:	f5	model:	big-ip	scope:	eq	version:	webaccelerator 11.0.0 to 11.3.0	Trust: 0.8
vendor:	f5	model:	enterprise manager software	scope:	eq	version:	3.0.0 to 3.1.1	Trust: 0.8

sources: JVNDB: JVNDB-2014-005048 // CNNVD: CNNVD-201408-492 // NVD: CVE-2014-2927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-2927
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-2927
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201408-492
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-70866
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-2927
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-70866
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-70866 // JVNDB: JVNDB-2014-005048 // CNNVD: CNNVD-201408-492 // NVD: CVE-2014-2927

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-70866 // JVNDB: JVNDB-2014-005048 // NVD: CVE-2014-2927

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-492

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201408-492

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005048

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-70866

PATCH

title:	SOL15236: ConfigSync IP Rsync full file system access vulnerability	url:	https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15236.html	Trust: 0.8
title:	Hotfix-EM-3.1.1-68.0-HF4	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52009	Trust: 0.6
title:	Hotfix-BIGIP-11.4.0-2440.0-HF7	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52004	Trust: 0.6
title:	Hotfix-BIGIP-11.2.1-1292.0-HF11	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52002	Trust: 0.6
title:	BIGIP-11.6.0.0.0.401	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52008	Trust: 0.6
title:	Hotfix-BIGIP-11.3.0-3158.0-HF9	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52003	Trust: 0.6
title:	Hotfix-BIGIP-11.5.1.3.0.131-HF3	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52007	Trust: 0.6
title:	Hotfix-BIGIP-11.5.0.4.0.245-HF4	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52006	Trust: 0.6
title:	Hotfix-BIGIP-11.4.1-647.0-HF4	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52005	Trust: 0.6

sources: JVNDB: JVNDB-2014-005048 // CNNVD: CNNVD-201408-492

EXTERNAL IDS

db:	NVD	id:	CVE-2014-2927	Trust: 2.8
db:	EXPLOIT-DB	id:	34465	Trust: 1.7
db:	BID	id:	69461	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-005048	Trust: 0.8
db:	CNNVD	id:	CNNVD-201408-492	Trust: 0.7
db:	SEEBUG	id:	SSVID-87225	Trust: 0.1
db:	VULHUB	id:	VHN-70866	Trust: 0.1

sources: VULHUB: VHN-70866 // BID: 69461 // JVNDB: JVNDB-2014-005048 // CNNVD: CNNVD-201408-492 // NVD: CVE-2014-2927

REFERENCES

url:	https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15236.html	Trust: 1.7
url:	http://www.exploit-db.com/exploits/34465	Trust: 1.7
url:	http://www.security-assessment.com/files/documents/advisory/f5_unauthenticated_rsync_access_to_remote_root_code_execution.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2927	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2927	Trust: 0.8
url:	http://www.securityfocus.com/bid/69461	Trust: 0.6

sources: VULHUB: VHN-70866 // JVNDB: JVNDB-2014-005048 // CNNVD: CNNVD-201408-492 // NVD: CVE-2014-2927

CREDITS

Thomas Hibbert

Trust: 0.9

sources: BID: 69461 // CNNVD: CNNVD-201408-492

SOURCES

db:	VULHUB	id:	VHN-70866
db:	BID	id:	69461
db:	JVNDB	id:	JVNDB-2014-005048
db:	CNNVD	id:	CNNVD-201408-492
db:	NVD	id:	CVE-2014-2927

LAST UPDATE DATE

2024-11-23T21:44:49.294000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-70866	date:	2015-01-26T00:00:00
db:	BID	id:	69461	date:	2015-03-19T09:31:00
db:	JVNDB	id:	JVNDB-2014-005048	date:	2014-10-28T00:00:00
db:	CNNVD	id:	CNNVD-201408-492	date:	2014-10-16T00:00:00
db:	NVD	id:	CVE-2014-2927	date:	2024-11-21T02:07:12.320

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-70866	date:	2014-10-15T00:00:00
db:	BID	id:	69461	date:	2014-08-28T00:00:00
db:	JVNDB	id:	JVNDB-2014-005048	date:	2014-10-28T00:00:00
db:	CNNVD	id:	CNNVD-201408-492	date:	2014-08-28T00:00:00
db:	NVD	id:	CVE-2014-2927	date:	2014-10-15T14:55:06.743