CVE-2014-2928: CVE-2014-2928

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-2928

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

多款F5产品任意命令执行漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

F5 BIG-IP LTM等都是美国F5公司的产品。LTM是一款本地流量管理器；APM是一套提供安全统一访问关键业务应用和网络的解决方案。多款F5产品的iControl API组件中存在安全漏洞。远程攻击者可借助SOAP请求的hostname元素中的shell元字符利用该漏洞执行任意命令。以下产品及版本受到影响：F5 BIG-IP LTM，APM，ASM，GTM，Link Controller，PSM 10.0.0至10.2.4版本和11.0.0至11.5.1版本，BIG-IP AAM 11.4.0至1

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2014-2928

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2014-2928

Please Login to view more intelligence information

http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.htmlx_refsource_CONFIRM
http://www.exploit-db.com/exploits/34927exploitx_refsource_EXPLOIT-DB
http://www.osvdb.org/106728vdb-entryx_refsource_OSVDB
http://seclists.org/fulldisclosure/2014/May/32mailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2014-2928

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2014-2928

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2014-2928

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2014-2928

III. Intelligence Information for CVE-2014-2928

New Vulnerabilities

V. Comments for CVE-2014-2928

Leave a comment