ID

VAR-201411-0351


CVE

CVE-2014-6033


TITLE

F5 BIG-IP Code injection vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201411-021

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6032. Reason: This candidate is a duplicate of CVE-2014-6032. Notes: All CVE users should reference CVE-2014-6032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

F5 Networks BIG-IP is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to obtain potentially sensitive information and to carry out other attacks. F5 BIG-IP LTM and the other products listed here are all products of F5, a company in the United States. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. A security vulnerability exists in the Configuration utility of several F5 products. A remote attacker could exploit this vulnerability to read arbitrary files or cause a denial of service. The following products and versions are affected: F5 BIG-IP LTM, ASM, GTM and Link Controller 11.0 to 11.6.0 and 10.0.0 to 10.2.4; AAM 11.4.0 to 11.6.0; ARM 11.3.0 to 11.6.0; Analytics 11.0.0 to 11.6.0; APM and Edge Gateway 11.0 to 11.6.0 and 10.1.0 to 10.2.4; PEM 11.3.0 to 11.6.0; PSM 11.0.0 to 11.4.1 and 10.0.0 to 10.2.4; WOM 11.0.0 to 11.3.0 and 10.0.0 to 10.2.4; Enterprise Manager 3.0.0 to 3.1.1 and 2.1.0 to 2.3.0.

Trust: 1.35

sources: NVD: CVE-2014-6033 // BID: 70838 // VULHUB: VHN-73975 // VULMON: CVE-2014-6033

AFFECTED PRODUCTS

vendor: f5, model: big-ip, scope: eq, version: 11.3.0.39.0

Trust: 0.3

sources: BID: 70838

CVSS

SEVERITY

CVSSV2

CVSSV3

CNNVD: CNNVD-201411-021
value: MEDIUM

Trust: 0.6

VULHUB: VHN-73975
value: MEDIUM

Trust: 0.1

VULHUB: VHN-73975
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-73975 // CNNVD: CNNVD-201411-021

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-021

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201411-021

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-73975

PATCH

title: F5 BIG-IP Fixes for code injection vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=209633

Trust: 0.6

sources: CNNVD: CNNVD-201411-021

EXTERNAL IDS

db: NVD, id: CVE-2014-6033

Trust: 2.1

db: BID, id: 70838

Trust: 0.9

db: CNNVD, id: CNNVD-201411-021

Trust: 0.6

db: CNNVD, id: CNNVD-201410-1432

Trust: 0.1

db: PACKETSTORM, id: 128915

Trust: 0.1

db: BID, id: 70834

Trust: 0.1

db: SECTRACK, id: 1031145

Trust: 0.1

db: SECTRACK, id: 1031144

Trust: 0.1

db: VULHUB, id: VHN-73975

Trust: 0.1

db: PACKETSTORM, id: 128916

Trust: 0.1

db: VULMON, id: CVE-2014-6033

Trust: 0.1

sources: VULHUB: VHN-73975 // VULMON: CVE-2014-6033 // BID: 70838 // CNNVD: CNNVD-201411-021 // NVD: CVE-2014-6033

REFERENCES

url:http://www.securityfocus.com/bid/70838

Trust: 0.6

url:https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6033/

Trust: 0.4

url:http://www.f5.com/products/big-ip/

Trust: 0.3

url:http://www.securityfocus.com/bid/70834

Trust: 0.1

url:https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15605.html

Trust: 0.1

url:http://seclists.org/fulldisclosure/2014/oct/128

Trust: 0.1

url:http://seclists.org/fulldisclosure/2014/oct/129

Trust: 0.1

url:http://seclists.org/fulldisclosure/2014/oct/130

Trust: 0.1

url:http://packetstormsecurity.com/files/128915/f5-big-ip-11.3.0.39.0-xml-external-entity-injection-1.html

Trust: 0.1

url:https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-6032/

Trust: 0.1

url:http://www.securitytracker.com/id/1031144

Trust: 0.1

url:http://www.securitytracker.com/id/1031145

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/98402

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/98403

Trust: 0.1

url:https://packetstormsecurity.com/files/128916/f5-big-ip-11.3.0.39.0-xml-external-entity-injection-2.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-73975 // VULMON: CVE-2014-6033 // BID: 70838 // CNNVD: CNNVD-201411-021

CREDITS

Oliver Gruskovnjak

Trust: 0.9

sources: BID: 70838 // CNNVD: CNNVD-201411-021

SOURCES

db: VULHUB, id: VHN-73975
db: VULMON, id: CVE-2014-6033
db: BID, id: 70838
db: CNNVD, id: CNNVD-201411-021
db: NVD, id: CVE-2014-6033

LAST UPDATE DATE

2024-08-14T14:46:39.569000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-73975, date: 2017-09-08T00:00:00
db: VULMON, id: CVE-2014-6033, date: 2023-11-07T00:00:00
db: BID, id: 70838, date: 2014-10-03T00:00:00
db: CNNVD, id: CNNVD-201411-021, date: 2022-10-08T00:00:00
db: NVD, id: CVE-2014-6033, date: 2023-11-07T02:20:56.233

SOURCES RELEASE DATE

db: VULHUB, id: VHN-73975, date: 2014-11-01T00:00:00
db: VULMON, id: CVE-2014-6033, date: 2014-11-05T00:00:00
db: BID, id: 70838, date: 2014-10-03T00:00:00
db: CNNVD, id: CNNVD-201411-021, date: 2014-10-03T00:00:00
db: NVD, id: CVE-2014-6033, date: 2014-11-05T08:28:25.053