9.3

CVE-2014-2927

Exploit

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.

Data is provided by the National Vulnerability Database (NVD)
F5Arx Version6.0.0
F5Arx Version6.1.0
F5Arx Version6.1.1
F5Arx Version6.2.0
F5Arx Version6.3.0
F5Arx Version6.4.0
F5Big-ip Access Policy Manager Version10.1.0
F5Big-ip Access Policy Manager Version10.2.0
F5Big-ip Access Policy Manager Version10.2.1
F5Big-ip Access Policy Manager Version10.2.2
F5Big-ip Access Policy Manager Version10.2.3
F5Big-ip Access Policy Manager Version10.2.4
F5Big-ip Access Policy Manager Version11.0.0
F5Big-ip Access Policy Manager Version11.1.0
F5Big-ip Access Policy Manager Version11.2.0
F5Big-ip Access Policy Manager Version11.2.1
F5Big-ip Access Policy Manager Version11.3.0
F5Big-ip Access Policy Manager Version11.4.0
F5Big-ip Access Policy Manager Version11.4.1
F5Big-ip Access Policy Manager Version11.5.0
F5Big-ip Access Policy Manager Version11.5.1
F5Big-ip Access Policy Manager Version11.6.0
F5Big-ip Analytics Version11.0.0
F5Big-ip Analytics Version11.1.0
F5Big-ip Analytics Version11.2.0
F5Big-ip Analytics Version11.2.1
F5Big-ip Analytics Version11.3.0
F5Big-ip Analytics Version11.4.0
F5Big-ip Analytics Version11.4.1
F5Big-ip Analytics Version11.5.0
F5Big-ip Analytics Version11.5.1
F5Big-ip Analytics Version11.6.0
F5Big-ip Edge Gateway Version10.1.0
F5Big-ip Edge Gateway Version10.2.0
F5Big-ip Edge Gateway Version10.2.1
F5Big-ip Edge Gateway Version10.2.2
F5Big-ip Edge Gateway Version10.2.3
F5Big-ip Edge Gateway Version10.2.4
F5Big-ip Edge Gateway Version11.0.0
F5Big-ip Edge Gateway Version11.1.0
F5Big-ip Edge Gateway Version11.2.0
F5Big-ip Edge Gateway Version11.2.1
F5Big-ip Edge Gateway Version11.3.0
F5Big-ip Global Traffic Manager Version10.0.0
F5Big-ip Global Traffic Manager Version10.0.1
F5Big-ip Global Traffic Manager Version10.1.0
F5Big-ip Global Traffic Manager Version10.2.0
F5Big-ip Global Traffic Manager Version10.2.1
F5Big-ip Global Traffic Manager Version10.2.2
F5Big-ip Global Traffic Manager Version10.2.3
F5Big-ip Global Traffic Manager Version10.2.4
F5Big-ip Global Traffic Manager Version11.0.0
F5Big-ip Global Traffic Manager Version11.1.0
F5Big-ip Global Traffic Manager Version11.2.0
F5Big-ip Global Traffic Manager Version11.2.1
F5Big-ip Global Traffic Manager Version11.3.0
F5Big-ip Global Traffic Manager Version11.4.0
F5Big-ip Global Traffic Manager Version11.4.1
F5Big-ip Global Traffic Manager Version11.5.0
F5Big-ip Global Traffic Manager Version11.5.1
F5Big-ip Global Traffic Manager Version11.6.0
F5Big-ip Link Controller Version10.0.0
F5Big-ip Link Controller Version10.0.1
F5Big-ip Link Controller Version10.1.0
F5Big-ip Link Controller Version10.2.0
F5Big-ip Link Controller Version10.2.1
F5Big-ip Link Controller Version10.2.2
F5Big-ip Link Controller Version10.2.3
F5Big-ip Link Controller Version10.2.4
F5Big-ip Link Controller Version11.0.0
F5Big-ip Link Controller Version11.1.0
F5Big-ip Link Controller Version11.2.0
F5Big-ip Link Controller Version11.2.1
F5Big-ip Link Controller Version11.3.0
F5Big-ip Link Controller Version11.4.0
F5Big-ip Link Controller Version11.4.1
F5Big-ip Link Controller Version11.5.0
F5Big-ip Link Controller Version11.5.1
F5Big-ip Link Controller Version11.6.0
F5Big-ip Local Traffic Manager Version10.0.0
F5Big-ip Local Traffic Manager Version10.0.1
F5Big-ip Local Traffic Manager Version10.1.0
F5Big-ip Local Traffic Manager Version10.2.0
F5Big-ip Local Traffic Manager Version10.2.1
F5Big-ip Local Traffic Manager Version10.2.2
F5Big-ip Local Traffic Manager Version10.2.3
F5Big-ip Local Traffic Manager Version10.2.4
F5Big-ip Local Traffic Manager Version11.0.0
F5Big-ip Local Traffic Manager Version11.1.0
F5Big-ip Local Traffic Manager Version11.2.0
F5Big-ip Local Traffic Manager Version11.2.1
F5Big-ip Local Traffic Manager Version11.3.0
F5Big-ip Local Traffic Manager Version11.4.0
F5Big-ip Local Traffic Manager Version11.4.1
F5Big-ip Local Traffic Manager Version11.5.0
F5Big-ip Local Traffic Manager Version11.5.1
F5Big-ip Local Traffic Manager Version11.6.0
F5Big-ip Webaccelerator Version10.0.0
F5Big-ip Webaccelerator Version10.0.1
F5Big-ip Webaccelerator Version10.1.0
F5Big-ip Webaccelerator Version10.2.0
F5Big-ip Webaccelerator Version10.2.1
F5Big-ip Webaccelerator Version10.2.2
F5Big-ip Webaccelerator Version10.2.3
F5Big-ip Webaccelerator Version10.2.4
F5Big-ip Webaccelerator Version11.0.0
F5Big-ip Webaccelerator Version11.1.0
F5Big-ip Webaccelerator Version11.2.0
F5Big-ip Webaccelerator Version11.2.1
F5Big-ip Webaccelerator Version11.3.0
F5Big-iq Cloud Version4.0.0
F5Big-iq Cloud Version4.1.0
F5Big-iq Cloud Version4.2.0
F5Big-iq Cloud Version4.3.0
F5Big-iq Device Version4.2.0
F5Big-iq Device Version4.3.0
F5Big-iq Security Version4.0.0
F5Big-iq Security Version4.1.0
F5Big-iq Security Version4.2.0
F5Big-iq Security Version4.3.0
F5Enterprise Manager Version2.1.0
F5Enterprise Manager Version2.2.0
F5Enterprise Manager Version2.3.0
F5Enterprise Manager Version3.0.0
F5Enterprise Manager Version3.1.0
F5Enterprise Manager Version3.1.1
F5Firepass Version6.0.0
F5Firepass Version6.0.1
F5Firepass Version6.0.2
F5Firepass Version6.0.3
F5Firepass Version6.1.0
F5Firepass Version7.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 7.43% 0.909
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.