CVE-2014-2928
Published May 12, 2014
Last updated 9 years ago
Overview
- Description
- The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.
- Source
- cret@cert.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.1
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:N/AC:H/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- Per: http://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9CB7340E-36AE-40F0-8B38-247803F97038"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CEFEE12B-A78F-4288-A98F-2497531D0EAB"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D4AE2CE-4A4B-4B5F-992C-F939E1CDE6FA"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BAB821F7-26DB-4C74-9129-BBC50DF0C2F9"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD6FE682-3B40-42B0-A3BC-4281F0003248"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BFC8D1C6-69AC-4423-A1C7-4093236A7F51"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38CDACEA-9235-4B7F-AC2B-4ACFB4BD9918"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF5FC5A6-0CD0-47E3-87F9-F09BB1B4B920"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7317A692-0D9D-4DF4-99AD-893187E3F298"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E951823B-9791-48C7-A804-18FEBEC31279"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E3427DB-2918-4934-A3C1-FA5F1632364F"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78F1A903-4AF5-4FE6-92B0-9F0B64723804"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "383966C0-2FDD-4755-BA16-EE73D4577DFD"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2AD7519A-2F81-42CB-A18A-0BA9DB0F90D0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F16F5CB9-3A92-4A96-BC24-993FCF3DC13F"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2748B48B-3E2A-4837-981E-5049CF627CBC"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A2E767A-65BC-420B-9BA3-12B51575FB37"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5E8E654-DA20-45F9-A25E-44D1E31F64C6"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C8FCFDA-703B-42DC-91FF-00066E88E49D"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3CA49611-A8E4-454E-98AD-B64C0202838F"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF7FCC81-2F1D-4EF5-956B-085FB7FEFAE7"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "200A9CE9-E56D-4EFA-AC8A-954F945DDDBB"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E1C4384-1728-4A71-8634-DCE3F2AEB8F2"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1AC8AA37-9962-4CF6-99E5-A6F94582B107"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF1FD1C1-6980-4E9F-8DEF-D9E552510481"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9F443F1-C43F-42AD-98E4-AE11C72F363E"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1AF61656-A266-4A2D-A001-54339716A4A8"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3FC92F47-75EB-487A-B4A2-2B0B4C78B10D"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C72FF118-E7A5-42DE-A9A0-703E71615045"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8463B1D-8442-4D50-BAAA-122280496A98"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6448016D-1A8E-42E3-81F8-80772D4EE6B5"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C54690EB-578A-45DA-9324-4CE84B084BCF"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50B828D6-7221-4F94-9C0D-4483E60576EF"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2691943C-1FD1-43EE-B070-E35710E426ED"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B10D9D9-BC40-4889-9196-C8EA7C571160"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "288EB1AC-9DE3-4FE2-AE4D-006A49199877"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1405D7AE-D14C-40F6-9144-EF2F18A6EBC1"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E807E667-0597-4F14-902A-B922C94F572C"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02614B4F-0E90-456E-B7ED-387A3007FB45"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F482624A-BE79-4A87-B676-DBB57369D31C"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77888947-80CB-46B3-910E-DCCFDF6B3D47"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3251DB7F-0436-48D5-AF7B-F812237DB926"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8600FF27-4407-4755-A1E3-5648D9ACCB1C"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3A84AF1-A18E-4AFD-B85E-49CE46A548D8"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA54B88F-4A16-4F40-8A3B-B107F0CA2334"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17C28542-51A4-4464-ADF9-C6376F829F4A"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "584853F9-644F-40B2-A28F-1CE9B51F84F6"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFE665CF-A633-474E-9519-D20E3D3958CF"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71578014-E3CD-40A9-8AE4-537C970B4B2F"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A4D2DA3-1EF3-428A-ACC0-1C438D6F8648"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4758B4CB-5CD9-4505-8E91-E5E849937A63"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C801C53F-9ECC-42B9-A119-5046706CA621"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02A544E4-B9BB-4735-8239-4FC57473BB1E"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "91E5BF8D-7391-49E3-A17A-26A1F138A3C0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C2FFC93-7053-441C-AD96-ED57F97E9A70"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65D810F8-6062-4901-9832-226F80287C8F"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBC2A0DC-D931-4450-8D0F-3223A8EDCED9"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6C19BDD-1286-48C7-8E7D-66C100D02319"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B4653A4-833F-4381-86E9-452F19A53868"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FFCB7C80-DDA6-421C-92E8-E6E56E414E81"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "494085EA-7445-4592-8795-DCC035BDDC52"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "094BD2B6-E269-4647-A77C-B584805B6203"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16ACB60E-B9E9-402A-BE42-DF5C892C2257"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5EE87BAD-382E-4FA7-BCF9-88EFA36DAB3E"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6363B0D-AC1F-4AF5-BC02-19F77A85F3AC"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80B80111-6F28-4E7F-B9DE-27825866A138"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A8D0587-ED89-4CDB-960D-37FBD522B146"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B77088CC-8C8C-4D6E-9770-634A5BF62A3D"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9AA7DCB7-D01E-492A-A810-01B15F03A783"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB441DC5-813E-4E59-87B8-15731291B135"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F89F4A12-710E-4F7A-9A8D-D8B91889A279"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "126AD92E-6816-42C0-8801-A81B59C11A56"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "890F363A-FC4F-4F52-BBFF-E959F65043A6"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4CE899AF-EA61-4B9D-9523-BF436614CE21"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5BA7D7A-02C8-411A-AFBF-D523E57A66C0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C14D0DD3-E6A9-43C8-85D7-6DBB16E30DD5"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5BE38A0-CD2F-4C18-9EE3-D56A23BDB73A"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "476D58C4-7699-45AC-B987-B42B5488240B"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30A1197A-7196-49AA-B368-5539180B8B93"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3F73DC1-9174-4842-B772-D277D293214A"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD575B3E-FBA9-443A-9B52-49766DBE40C4"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:10.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D982EE29-D298-4D39-897A-580D867CDE50"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:10.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D477F539-2E79-47BB-A8CF-F3A73AA72A27"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:10.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C70B0F91-B269-4753-92E5-69F49CCB498D"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:10.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44847A70-9301-4C53-93AF-8888CF074F6C"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "53531CA7-5E47-4C46-BDA5-3B4710085078"
}
],
"operator": "OR"
}
]
}
]