{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-07T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-11-14T14:57:00.000Z", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "20140507 Moar F5 fun in iControl API", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/May/32"}, {"name": "34927", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/34927"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html"}, {"name": "106728", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/106728"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2014-2928", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20140507 Moar F5 fun in iControl API", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/May/32"}, {"name": "34927", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/34927"}, {"name": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html", "refsource": "CONFIRM", "url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html"}, {"name": "106728", "refsource": "OSVDB", "url": "http://www.osvdb.org/106728"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:28:46.191Z"}, "title": "CVE Program Container", "references": [{"name": "20140507 Moar F5 fun in iControl API", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2014/May/32"}, {"name": "34927", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/34927"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html"}, {"name": "106728", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/106728"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2014-2928", "datePublished": "2014-05-12T14:00:00.000Z", "dateReserved": "2014-04-21T00:00:00.000Z", "dateUpdated": "2024-08-06T10:28:46.191Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9CB7340E-36AE-40F0-8B38-247803F97038", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "CEFEE12B-A78F-4288-A98F-2497531D0EAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "1D4AE2CE-4A4B-4B5F-992C-F939E1CDE6FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "BAB821F7-26DB-4C74-9129-BBC50DF0C2F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "CD6FE682-3B40-42B0-A3BC-4281F0003248", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "BFC8D1C6-69AC-4423-A1C7-4093236A7F51", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "38CDACEA-9235-4B7F-AC2B-4ACFB4BD9918", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "BF5FC5A6-0CD0-47E3-87F9-F09BB1B4B920", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:9.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "7317A692-0D9D-4DF4-99AD-893187E3F298", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E951823B-9791-48C7-A804-18FEBEC31279", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "2E3427DB-2918-4934-A3C1-FA5F1632364F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "78F1A903-4AF5-4FE6-92B0-9F0B64723804", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "383966C0-2FDD-4755-BA16-EE73D4577DFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2AD7519A-2F81-42CB-A18A-0BA9DB0F90D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "F16F5CB9-3A92-4A96-BC24-993FCF3DC13F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "2748B48B-3E2A-4837-981E-5049CF627CBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:10.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "3A2E767A-65BC-420B-9BA3-12B51575FB37", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5E8E654-DA20-45F9-A25E-44D1E31F64C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C8FCFDA-703B-42DC-91FF-00066E88E49D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CA49611-A8E4-454E-98AD-B64C0202838F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FF7FCC81-2F1D-4EF5-956B-085FB7FEFAE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "200A9CE9-E56D-4EFA-AC8A-954F945DDDBB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8E1C4384-1728-4A71-8634-DCE3F2AEB8F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AC8AA37-9962-4CF6-99E5-A6F94582B107", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF1FD1C1-6980-4E9F-8DEF-D9E552510481", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9F443F1-C43F-42AD-98E4-AE11C72F363E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1AF61656-A266-4A2D-A001-54339716A4A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "3FC92F47-75EB-487A-B4A2-2B0B4C78B10D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C72FF118-E7A5-42DE-A9A0-703E71615045", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "E8463B1D-8442-4D50-BAAA-122280496A98", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "6448016D-1A8E-42E3-81F8-80772D4EE6B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "C54690EB-578A-45DA-9324-4CE84B084BCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:9.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "50B828D6-7221-4F94-9C0D-4483E60576EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2691943C-1FD1-43EE-B070-E35710E426ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B10D9D9-BC40-4889-9196-C8EA7C571160", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "288EB1AC-9DE3-4FE2-AE4D-006A49199877", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1405D7AE-D14C-40F6-9144-EF2F18A6EBC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "E807E667-0597-4F14-902A-B922C94F572C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "02614B4F-0E90-456E-B7ED-387A3007FB45", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F482624A-BE79-4A87-B676-DBB57369D31C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:10.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "77888947-80CB-46B3-910E-DCCFDF6B3D47", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "3251DB7F-0436-48D5-AF7B-F812237DB926", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "8600FF27-4407-4755-A1E3-5648D9ACCB1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D3A84AF1-A18E-4AFD-B85E-49CE46A548D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA54B88F-4A16-4F40-8A3B-B107F0CA2334", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "17C28542-51A4-4464-ADF9-C6376F829F4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "584853F9-644F-40B2-A28F-1CE9B51F84F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_protocol_security_module:11.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "DFE665CF-A633-474E-9519-D20E3D3958CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "71578014-E3CD-40A9-8AE4-537C970B4B2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8A4D2DA3-1EF3-428A-ACC0-1C438D6F8648", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "4758B4CB-5CD9-4505-8E91-E5E849937A63", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C801C53F-9ECC-42B9-A119-5046706CA621", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "02A544E4-B9BB-4735-8239-4FC57473BB1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "91E5BF8D-7391-49E3-A17A-26A1F138A3C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C2FFC93-7053-441C-AD96-ED57F97E9A70", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "65D810F8-6062-4901-9832-226F80287C8F", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBC2A0DC-D931-4450-8D0F-3223A8EDCED9", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6C19BDD-1286-48C7-8E7D-66C100D02319", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B4653A4-833F-4381-86E9-452F19A53868", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FFCB7C80-DDA6-421C-92E8-E6E56E414E81", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "494085EA-7445-4592-8795-DCC035BDDC52", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "094BD2B6-E269-4647-A77C-B584805B6203", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "16ACB60E-B9E9-402A-BE42-DF5C892C2257", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5EE87BAD-382E-4FA7-BCF9-88EFA36DAB3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "E6363B0D-AC1F-4AF5-BC02-19F77A85F3AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "80B80111-6F28-4E7F-B9DE-27825866A138", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3A8D0587-ED89-4CDB-960D-37FBD522B146", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "B77088CC-8C8C-4D6E-9770-634A5BF62A3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "9AA7DCB7-D01E-492A-A810-01B15F03A783", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB441DC5-813E-4E59-87B8-15731291B135", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "F89F4A12-710E-4F7A-9A8D-D8B91889A279", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "126AD92E-6816-42C0-8801-A81B59C11A56", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "890F363A-FC4F-4F52-BBFF-E959F65043A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4CE899AF-EA61-4B9D-9523-BF436614CE21", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5BA7D7A-02C8-411A-AFBF-D523E57A66C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C14D0DD3-E6A9-43C8-85D7-6DBB16E30DD5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F5BE38A0-CD2F-4C18-9EE3-D56A23BDB73A", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "476D58C4-7699-45AC-B987-B42B5488240B", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "30A1197A-7196-49AA-B368-5539180B8B93", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E3F73DC1-9174-4842-B772-D277D293214A", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DD575B3E-FBA9-443A-9B52-49766DBE40C4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D982EE29-D298-4D39-897A-580D867CDE50", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D477F539-2E79-47BB-A8CF-F3A73AA72A27", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C70B0F91-B269-4753-92E5-69F49CCB498D", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:10.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "44847A70-9301-4C53-93AF-8888CF074F6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:11.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "53531CA7-5E47-4C46-BDA5-3B4710085078", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request."}, {"lang": "es", "value": "La API iControl en F5 BIG-IP LTM, APM, ASM, GTM, Link Controller y PSM 10.0.0 hasta 10.2.4 y 11.0.0 hasta 11.5.1, BIG-IP AAM 11.4.0 hasta 11.5.1, BIG-IP AFM y PEM 11.3.0 hasta 11.5.1, BIG-IP Analytics 11.0.0 hasta 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 hasta 10.2.4 y 11.0.0 hasta 11.3.0, Enterprise Manager 2.1.0 hasta 2.3.0 y 3.0.0 hasta 3.1.1 y BIG-IQ Cloud, Device y Security 4.0.0 hasta 4.3.0 permite a administradores remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el elemento de nombre de anfitri\u00f3n en una solicitud SOAP."}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/77.html\n\n\"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')\"", "id": "CVE-2014-2928", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-12T14:55:06.587", "references": [{"source": "cret@cert.org", "url": "http://seclists.org/fulldisclosure/2014/May/32"}, {"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html"}, {"source": "cret@cert.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/34927"}, {"source": "cret@cert.org", "url": "http://www.osvdb.org/106728"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/fulldisclosure/2014/May/32"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/34927"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/106728"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}