CVE-2015-3628
9.0
Vector
AV:N/AC:L/Au:S/C:C/I:C/A:C
Exploitability: 8.0 / Impact: 10.0
Source: NVD
Description
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0, BIG-IP GTM 11.3.0 before 11.6.0 HF6, BIG-IP PSM 11.3.0 through 11.4.1, Enterprise Manager 3.1.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote authenticated users with the "Resource Administrator" role to gain privileges via an iCall (1) script or (2) handler in a SOAP request to iControl/iControlPortal.cgi.
Affected (97)
Products: F5: Big Iq Security, Big Ip Application Acceleration Manager, Big Ip Wan Optimization Manager, Big Iq Adc, Big Ip Application Security Manager, Big Ip Global Traffic Manager, Big Iq Device, Big Ip Edge Gateway, Big Ip Local Traffic Manager, Big Ip Access Policy Manager, Big Ip Policy Enforcement Manager, Big Iq Cloud, Big Ip Analytics, Big Ip Protocol Security Module, Big Ip Webaccelerator, Big Ip Link Controller, Big Ip Enterprise Manager, Big Ip Advanced Firewall Manager
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.0.0 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.4.0 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.5.0 |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.2.0 |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 4.0.0 |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Version 3.0.0 |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Version 11.3.0 |
Related CWEs
References (14)
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.