A format string vulnerability exists in iControl SOAP that allows an authenticated malicious user to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the malicious user to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
f5 big-ip application security manager 13.1.0 |
||
f5 big-ip advanced firewall manager 17.0.0 |
||
f5 big-ip advanced firewall manager 13.1.5 |
||
f5 big-ip access policy manager 17.0.0 |
||
f5 big-ip access policy manager 13.1.5 |
||
f5 big-ip analytics 17.0.0 |
||
f5 big-ip analytics 13.1.5 |
||
f5 big-ip application security manager 17.0.0 |
||
f5 big-ip application acceleration manager 17.0.0 |
||
f5 big-ip application acceleration manager 13.1.5 |
||
f5 big-ip policy enforcement manager 17.0.0 |
||
f5 big-ip policy enforcement manager 13.1.5 |
||
f5 big-ip local traffic manager 17.0.0 |
||
f5 big-ip local traffic manager 13.1.5 |
||
f5 big-ip link controller 17.0.0 |
||
f5 big-ip link controller 13.1.5 |
||
f5 big-ip fraud protection service 17.0.0 |
||
f5 big-ip fraud protection service 13.1.5 |
||
f5 big-ip domain name system 17.0.0 |
||
f5 big-ip ssl orchestrator 13.1.5 |
||
f5 big-ip ddos hybrid defender 13.1.5 |
||
f5 big-ip application security manager |
||
f5 big-ip access policy manager |
||
f5 big-ip advanced firewall manager |
||
f5 big-ip analytics |
||
f5 big-ip ddos hybrid defender |
||
f5 big-ip domain name system |
||
f5 big-ip link controller |
||
f5 big-ip local traffic manager |
||
f5 big-ip policy enforcement manager |
||
f5 big-ip ssl orchestrator |
||
f5 big-ip application acceleration manager |
||
f5 big-ip fraud protection service |
||
f5 big-ip ssl orchestrator 17.0.0 |
Vulmon