9
CVSSv2

CVE-2014-3220

Published: 05/05/2014 Updated: 23/05/2014
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
VMScore: 905
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

F5 BIG-IQ Cloud and Security 4.0.0 up to and including 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.

Affected Products

Vendor Product Versions
F5Big-iq4.1.0.2013.0

Exploits

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' require 'json' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info={}) ...