Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.3
CVSSv2

CVE-2014-2927

Published: 15/10/2014 Updated: 26/01/2015
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Big-ip Access Policy Manager

Vulnerability Summary

The rsync daemon in F5 BIG-IP 11.6 prior to 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x prior to 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote malicious users to read or write to arbitrary files via a cmi request to the ConfigSync IP address.

Vulnerable Product Search on Vulmon Subscribe to Product

f5 big-ip access policy manager 11.2.0

f5 big-ip access policy manager 11.1.0

f5 big-ip access policy manager 11.0.0

f5 big-ip access policy manager 10.2.4

f5 big-ip analytics 11.5.0

f5 big-ip analytics 11.4.1

f5 big-ip analytics 11.4.0

f5 big-ip analytics 11.3.0

f5 big-ip application security manager 11.4.1

f5 big-ip application security manager 11.4.0

f5 big-ip application security manager 11.3.0

f5 big-ip application security manager 11.2.1

f5 big-ip application security manager 11.2.0

f5 big-ip edge gateway 11.2.0

f5 big-ip edge gateway 11.1.0

f5 big-ip edge gateway 11.0.0

f5 big-ip edge gateway 10.2.4

f5 big-ip global traffic manager 11.1.0

f5 big-ip global traffic manager 11.0.0

f5 big-ip global traffic manager 10.2.4

f5 big-ip global traffic manager 10.2.3

f5 big-ip link controller 11.2.1

f5 big-ip link controller 11.2.0

f5 big-ip link controller 11.1.0

f5 big-ip link controller 11.0.0

f5 big-ip link controller 10.2.4

f5 big-ip local traffic manager 11.3.0

f5 big-ip local traffic manager 11.2.1

f5 big-ip local traffic manager 11.2.0

f5 big-ip local traffic manager 11.1.0

f5 big-ip policy enforcement manager 11.4.0

f5 big-ip policy enforcement manager 11.3.0

f5 big-ip protocol security module 11.4.1

f5 big-ip protocol security module 11.4.0

f5 big-ip wan optimization manager 11.3.0

f5 big-ip wan optimization manager 11.2.1

f5 big-ip wan optimization manager 11.2.0

f5 big-ip wan optimization manager 11.1.0

f5 big-ip webaccelerator 11.1.0

f5 big-ip webaccelerator 11.0.0

f5 big-ip webaccelerator 10.2.4

f5 big-ip webaccelerator 10.2.3

f5 big-ip webaccelerator 10.2.2

f5 big-iq security 4.2.0

f5 big-iq security 4.1.0

f5 big-iq security 4.0.0

f5 firepass 7.0.0

f5 enterprise manager 3.0.0

f5 enterprise manager 2.3.0

f5 enterprise manager 2.2.0

f5 enterprise manager 2.1.0

f5 big-ip access policy manager 11.6.0

f5 big-ip access policy manager 11.5.1

f5 big-ip access policy manager 11.5.0

f5 big-ip access policy manager 10.1.0

f5 big-ip advanced firewall manager 11.6.0

f5 big-ip advanced firewall manager 11.5.1

f5 big-ip advanced firewall manager 11.5.0

f5 big-ip application acceleration manager 11.6.0

f5 big-ip application acceleration manager 11.5.1

f5 big-ip application acceleration manager 11.5.0

f5 big-ip application acceleration manager 11.4.1

f5 big-ip application security manager 10.2.2

f5 big-ip application security manager 10.2.1

f5 big-ip application security manager 10.2.0

f5 big-ip application security manager 10.1.0

f5 big-ip edge gateway 10.1.0

f5 big-ip global traffic manager 11.6.0

f5 big-ip global traffic manager 11.5.1

f5 big-ip global traffic manager 11.5.0

f5 big-ip global traffic manager 11.4.1

f5 big-ip global traffic manager 10.0.1

f5 big-ip global traffic manager 10.0.0

f5 big-ip link controller 11.6.0

f5 big-ip link controller 11.5.1

f5 big-ip link controller 10.1.0

f5 big-ip link controller 10.0.1

f5 big-ip link controller 10.0.0

f5 big-ip local traffic manager 11.6.0

f5 big-ip local traffic manager 10.2.0

f5 big-ip local traffic manager 10.1.0

f5 big-ip local traffic manager 10.0.1

f5 big-ip local traffic manager 10.0.0

f5 big-ip protocol security module 11.0.0

f5 big-ip protocol security module 10.2.4

f5 big-ip protocol security module 10.2.3

f5 big-ip protocol security module 10.2.2

f5 big-ip wan optimization manager 10.2.1

f5 big-ip wan optimization manager 10.2.0

f5 big-ip wan optimization manager 10.1.0

f5 big-ip wan optimization manager 10.0.1

f5 big-ip webaccelerator 10.0.0

f5 big-iq cloud 4.3.0

f5 big-iq cloud 4.2.0

f5 big-iq cloud 4.1.0

f5 firepass 6.0.0

f5 arx 6.4.0

f5 arx 6.3.0

f5 arx 6.2.0

f5 arx 6.1.1

f5 big-ip access policy manager 11.4.1

f5 big-ip access policy manager 11.3.0

f5 big-ip access policy manager 10.2.2

f5 big-ip access policy manager 10.2.0

f5 big-ip advanced firewall manager 11.4.1

f5 big-ip advanced firewall manager 11.3.0

f5 big-ip analytics 11.5.1

f5 big-ip analytics 11.2.1

f5 big-ip analytics 11.1.0

f5 big-ip application security manager 11.6.0

f5 big-ip application security manager 11.5.0

f5 big-ip application security manager 11.0.0

f5 big-ip application security manager 10.2.3

f5 big-ip application security manager 10.0.1

f5 big-ip edge gateway 11.3.0

f5 big-ip edge gateway 10.2.2

f5 big-ip edge gateway 10.2.0

f5 big-ip global traffic manager 11.3.0

f5 big-ip global traffic manager 11.2.0

f5 big-ip global traffic manager 10.2.2

f5 big-ip global traffic manager 10.2.0

f5 big-ip link controller 11.4.1

f5 big-ip link controller 11.3.0

f5 big-ip link controller 10.2.2

f5 big-ip link controller 10.2.0

f5 big-ip local traffic manager 11.5.1

f5 big-ip local traffic manager 11.4.1

f5 big-ip local traffic manager 10.2.4

f5 big-ip local traffic manager 10.2.2

f5 big-ip policy enforcement manager 11.5.1

f5 big-ip policy enforcement manager 11.4.1

f5 big-ip protocol security module 11.3.0

f5 big-ip protocol security module 11.2.0

f5 big-ip protocol security module 10.2.0

f5 big-ip protocol security module 10.0.1

f5 big-ip wan optimization manager 10.2.4

f5 big-ip wan optimization manager 10.2.2

f5 big-ip wan optimization manager 10.0.0

f5 big-ip webaccelerator 11.2.1

f5 big-ip webaccelerator 10.2.1

f5 big-ip webaccelerator 10.1.0

f5 big-iq device 4.3.0

f5 big-iq security 4.3.0

f5 firepass 6.1.0

f5 firepass 6.0.2

f5 arx 6.1.0

f5 enterprise manager 3.1.1

f5 big-ip access policy manager 11.4.0

f5 big-ip access policy manager 11.2.1

f5 big-ip access policy manager 10.2.3

f5 big-ip access policy manager 10.2.1

f5 big-ip advanced firewall manager 11.4.0

f5 big-ip analytics 11.6.0

f5 big-ip analytics 11.2.0

f5 big-ip analytics 11.0.0

f5 big-ip application acceleration manager 11.4.0

f5 big-ip application security manager 11.5.1

f5 big-ip application security manager 11.1.0

f5 big-ip application security manager 10.2.4

f5 big-ip application security manager 10.0.0

f5 big-ip edge gateway 11.2.1

f5 big-ip edge gateway 10.2.3

f5 big-ip edge gateway 10.2.1

f5 big-ip global traffic manager 11.4.0

f5 big-ip global traffic manager 11.2.1

f5 big-ip global traffic manager 10.2.1

f5 big-ip global traffic manager 10.1.0

f5 big-ip link controller 11.5.0

f5 big-ip link controller 11.4.0

f5 big-ip link controller 10.2.3

f5 big-ip link controller 10.2.1

f5 big-ip local traffic manager 11.5.0

f5 big-ip local traffic manager 11.4.0

f5 big-ip local traffic manager 11.0.0

f5 big-ip local traffic manager 10.2.3

f5 big-ip local traffic manager 10.2.1

f5 big-ip policy enforcement manager 11.6.0

f5 big-ip policy enforcement manager 11.5.0

f5 big-ip protocol security module 11.2.1

f5 big-ip protocol security module 11.1.0

f5 big-ip protocol security module 10.2.1

f5 big-ip protocol security module 10.1.0

f5 big-ip protocol security module 10.0.0

f5 big-ip wan optimization manager 11.0.0

f5 big-ip wan optimization manager 10.2.3

f5 big-ip webaccelerator 11.3.0

f5 big-ip webaccelerator 11.2.0

f5 big-ip webaccelerator 10.2.0

f5 big-ip webaccelerator 10.0.1

f5 big-iq cloud 4.0.0

f5 big-iq device 4.2.0

f5 firepass 6.0.3

f5 firepass 6.0.1

f5 arx 6.0.0

f5 enterprise manager 3.1.0

Exploits

Exploit DB: F5 Big-IP - rsync Access
When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance The BigIP platform configures an rsync daemon listening on the ConfigSync interfaces when the system is configured in a failover mod ...

References

CWE-287https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15236.htmlhttp://www.security-assessment.com/files/documents/advisory/F5_Unauthenticated_rsync_access_to_Remote_Root_Code_Execution.pdfhttp://www.exploit-db.com/exploits/34465https://nvd.nist.govhttps://www.exploit-db.com/exploits/34465/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook