Published: 05/05/2014 Updated: 23/05/2014

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

VMScore: 905

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

F5 BIG-IQ Cloud and Security 4.0.0 up to and including 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
f5 big-iq 4.1.0.2013.0

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' require 'json' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initialize(info={}) ...

CWE-255 https://gist.github.com/brandonprry/2e73acd63094fa2a4f63 http://seclists.org/fulldisclosure/2014/May/11 http://volatile-minds.blogspot.com/2014/05/f5-big-iq-v41020130-authenticated.html http://seclists.org/fulldisclosure/2014/May/10 http://www.securityfocus.com/bid/67191 http://www.securityfocus.com/bid/67227 http://seclists.org/fulldisclosure/2014/May/16 http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15229.html http://secunia.com/advisories/58440 http://www.exploit-db.com/exploits/33143 https://nvd.nist.gov https://www.exploit-db.com/exploits/33143/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-3220

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect