CVE-2015-4637
Published Jul 16, 2015
Last updated 9 years ago
Overview
- Description
- The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-17
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9768142-C554-44DE-B8D5-45CB51E3C34C"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF93E82F-D38C-4D4D-99EB-E334EE163C4E"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3471D34-A76C-498A-8C45-1553A579A88B"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99E5F378-E93E-45F6-A445-F2DAB5C423F7"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9538F63-3DC9-42CC-87D5-3CA048AE52A6"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0003813A-C1A8-4ED1-A04C-7AE961E7FA22"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEC1A702-0CCB-48F9-A42E-D8C756DD9D76"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]