// For flags

CVE-2014-2928

F5 iControl - Remote Command Execution

Severity Score

7.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.

La API iControl en F5 BIG-IP LTM, APM, ASM, GTM, Link Controller y PSM 10.0.0 hasta 10.2.4 y 11.0.0 hasta 11.5.1, BIG-IP AAM 11.4.0 hasta 11.5.1, BIG-IP AFM y PEM 11.3.0 hasta 11.5.1, BIG-IP Analytics 11.0.0 hasta 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 hasta 10.2.4 y 11.0.0 hasta 11.3.0, Enterprise Manager 2.1.0 hasta 2.3.0 y 3.0.0 hasta 3.1.1 y BIG-IQ Cloud, Device y Security 4.0.0 hasta 4.3.0 permite a administradores remotos ejecutar comandos arbitrarios a través de metacaracteres de shell en el elemento de nombre de anfitrión en una solicitud SOAP.

F5 iControl systems suffer from a remote command execution vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-04-21 CVE Reserved
  • 2014-05-07 CVE Published
  • 2014-10-09 First Exploit
  • 2024-06-28 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
9.4.0
Search vendor "F5" for product "Big-ip Webaccelerator" and version "9.4.0"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
9.4.1
Search vendor "F5" for product "Big-ip Webaccelerator" and version "9.4.1"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
9.4.2
Search vendor "F5" for product "Big-ip Webaccelerator" and version "9.4.2"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
9.4.3
Search vendor "F5" for product "Big-ip Webaccelerator" and version "9.4.3"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
9.4.4
Search vendor "F5" for product "Big-ip Webaccelerator" and version "9.4.4"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
9.4.5
Search vendor "F5" for product "Big-ip Webaccelerator" and version "9.4.5"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
9.4.6
Search vendor "F5" for product "Big-ip Webaccelerator" and version "9.4.6"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
9.4.7
Search vendor "F5" for product "Big-ip Webaccelerator" and version "9.4.7"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
9.4.8
Search vendor "F5" for product "Big-ip Webaccelerator" and version "9.4.8"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
10.0.0
Search vendor "F5" for product "Big-ip Webaccelerator" and version "10.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
10.0.1
Search vendor "F5" for product "Big-ip Webaccelerator" and version "10.0.1"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
10.1.0
Search vendor "F5" for product "Big-ip Webaccelerator" and version "10.1.0"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
10.2.0
Search vendor "F5" for product "Big-ip Webaccelerator" and version "10.2.0"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
10.2.1
Search vendor "F5" for product "Big-ip Webaccelerator" and version "10.2.1"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
10.2.2
Search vendor "F5" for product "Big-ip Webaccelerator" and version "10.2.2"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
10.2.3
Search vendor "F5" for product "Big-ip Webaccelerator" and version "10.2.3"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
10.2.4
Search vendor "F5" for product "Big-ip Webaccelerator" and version "10.2.4"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
11.0.0
Search vendor "F5" for product "Big-ip Webaccelerator" and version "11.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
11.1.0
Search vendor "F5" for product "Big-ip Webaccelerator" and version "11.1.0"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
11.2.0
Search vendor "F5" for product "Big-ip Webaccelerator" and version "11.2.0"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
11.2.1
Search vendor "F5" for product "Big-ip Webaccelerator" and version "11.2.1"
-
Affected
F5
Search vendor "F5"
Big-ip Webaccelerator
Search vendor "F5" for product "Big-ip Webaccelerator"
11.3.0
Search vendor "F5" for product "Big-ip Webaccelerator" and version "11.3.0"
-
Affected
F5
Search vendor "F5"
Big-ip Local Traffic Manager
Search vendor "F5" for product "Big-ip Local Traffic Manager"
10.0.0
Search vendor "F5" for product "Big-ip Local Traffic Manager" and version "10.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Local Traffic Manager
Search vendor "F5" for product "Big-ip Local Traffic Manager"
10.0.1
Search vendor "F5" for product "Big-ip Local Traffic Manager" and version "10.0.1"
-
Affected
F5
Search vendor "F5"
Big-ip Local Traffic Manager
Search vendor "F5" for product "Big-ip Local Traffic Manager"
10.1.0
Search vendor "F5" for product "Big-ip Local Traffic Manager" and version "10.1.0"
-
Affected
F5
Search vendor "F5"
Big-ip Local Traffic Manager
Search vendor "F5" for product "Big-ip Local Traffic Manager"
10.2.0
Search vendor "F5" for product "Big-ip Local Traffic Manager" and version "10.2.0"
-
Affected
F5
Search vendor "F5"
Big-ip Local Traffic Manager
Search vendor "F5" for product "Big-ip Local Traffic Manager"
10.2.1
Search vendor "F5" for product "Big-ip Local Traffic Manager" and version "10.2.1"
-
Affected
F5
Search vendor "F5"
Big-ip Local Traffic Manager
Search vendor "F5" for product "Big-ip Local Traffic Manager"
10.2.2
Search vendor "F5" for product "Big-ip Local Traffic Manager" and version "10.2.2"
-
Affected
F5
Search vendor "F5"
Big-ip Local Traffic Manager
Search vendor "F5" for product "Big-ip Local Traffic Manager"
11.0.0
Search vendor "F5" for product "Big-ip Local Traffic Manager" and version "11.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
9.4.5
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "9.4.5"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
9.4.6
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "9.4.6"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
9.4.7
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "9.4.7"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
9.4.8
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "9.4.8"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
10.0.0
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "10.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
10.0.1
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "10.0.1"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
10.1.0
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "10.1.0"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
10.2.0
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "10.2.0"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
10.2.1
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "10.2.1"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
10.2.2
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "10.2.2"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
10.2.3
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "10.2.3"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
10.2.4
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "10.2.4"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
11.0.0
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "11.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
11.1.0
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "11.1.0"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
11.2.0
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "11.2.0"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
11.2.1
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "11.2.1"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
11.3.0
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "11.3.0"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
11.4.0
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "11.4.0"
-
Affected
F5
Search vendor "F5"
Big-ip Protocol Security Module
Search vendor "F5" for product "Big-ip Protocol Security Module"
11.4.1
Search vendor "F5" for product "Big-ip Protocol Security Module" and version "11.4.1"
-
Affected
F5
Search vendor "F5"
Big-ip Link Controller
Search vendor "F5" for product "Big-ip Link Controller"
10.0.0
Search vendor "F5" for product "Big-ip Link Controller" and version "10.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Link Controller
Search vendor "F5" for product "Big-ip Link Controller"
10.0.1
Search vendor "F5" for product "Big-ip Link Controller" and version "10.0.1"
-
Affected
F5
Search vendor "F5"
Big-ip Link Controller
Search vendor "F5" for product "Big-ip Link Controller"
10.1.0
Search vendor "F5" for product "Big-ip Link Controller" and version "10.1.0"
-
Affected
F5
Search vendor "F5"
Big-ip Link Controller
Search vendor "F5" for product "Big-ip Link Controller"
10.2.0
Search vendor "F5" for product "Big-ip Link Controller" and version "10.2.0"
-
Affected
F5
Search vendor "F5"
Big-ip Link Controller
Search vendor "F5" for product "Big-ip Link Controller"
10.2.1
Search vendor "F5" for product "Big-ip Link Controller" and version "10.2.1"
-
Affected
F5
Search vendor "F5"
Big-ip Link Controller
Search vendor "F5" for product "Big-ip Link Controller"
10.2.2
Search vendor "F5" for product "Big-ip Link Controller" and version "10.2.2"
-
Affected
F5
Search vendor "F5"
Big-ip Link Controller
Search vendor "F5" for product "Big-ip Link Controller"
11.0.0
Search vendor "F5" for product "Big-ip Link Controller" and version "11.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Application Security Manager
Search vendor "F5" for product "Big-ip Application Security Manager"
10.0.0
Search vendor "F5" for product "Big-ip Application Security Manager" and version "10.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Application Security Manager
Search vendor "F5" for product "Big-ip Application Security Manager"
10.0.1
Search vendor "F5" for product "Big-ip Application Security Manager" and version "10.0.1"
-
Affected
F5
Search vendor "F5"
Big-ip Application Security Manager
Search vendor "F5" for product "Big-ip Application Security Manager"
10.1.0
Search vendor "F5" for product "Big-ip Application Security Manager" and version "10.1.0"
-
Affected
F5
Search vendor "F5"
Big-ip Application Security Manager
Search vendor "F5" for product "Big-ip Application Security Manager"
10.2.0
Search vendor "F5" for product "Big-ip Application Security Manager" and version "10.2.0"
-
Affected
F5
Search vendor "F5"
Big-ip Application Security Manager
Search vendor "F5" for product "Big-ip Application Security Manager"
10.2.1
Search vendor "F5" for product "Big-ip Application Security Manager" and version "10.2.1"
-
Affected
F5
Search vendor "F5"
Big-ip Application Security Manager
Search vendor "F5" for product "Big-ip Application Security Manager"
10.2.2
Search vendor "F5" for product "Big-ip Application Security Manager" and version "10.2.2"
-
Affected
F5
Search vendor "F5"
Big-ip Application Security Manager
Search vendor "F5" for product "Big-ip Application Security Manager"
11.0.0
Search vendor "F5" for product "Big-ip Application Security Manager" and version "11.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Global Traffic Manager
Search vendor "F5" for product "Big-ip Global Traffic Manager"
10.0.0
Search vendor "F5" for product "Big-ip Global Traffic Manager" and version "10.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Global Traffic Manager
Search vendor "F5" for product "Big-ip Global Traffic Manager"
10.0.1
Search vendor "F5" for product "Big-ip Global Traffic Manager" and version "10.0.1"
-
Affected
F5
Search vendor "F5"
Big-ip Global Traffic Manager
Search vendor "F5" for product "Big-ip Global Traffic Manager"
10.1.0
Search vendor "F5" for product "Big-ip Global Traffic Manager" and version "10.1.0"
-
Affected
F5
Search vendor "F5"
Big-ip Global Traffic Manager
Search vendor "F5" for product "Big-ip Global Traffic Manager"
10.2.0
Search vendor "F5" for product "Big-ip Global Traffic Manager" and version "10.2.0"
-
Affected
F5
Search vendor "F5"
Big-ip Global Traffic Manager
Search vendor "F5" for product "Big-ip Global Traffic Manager"
10.2.1
Search vendor "F5" for product "Big-ip Global Traffic Manager" and version "10.2.1"
-
Affected
F5
Search vendor "F5"
Big-ip Global Traffic Manager
Search vendor "F5" for product "Big-ip Global Traffic Manager"
10.2.2
Search vendor "F5" for product "Big-ip Global Traffic Manager" and version "10.2.2"
-
Affected
F5
Search vendor "F5"
Big-ip Global Traffic Manager
Search vendor "F5" for product "Big-ip Global Traffic Manager"
11.0.0
Search vendor "F5" for product "Big-ip Global Traffic Manager" and version "11.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Wan Optimization Manager
Search vendor "F5" for product "Big-ip Wan Optimization Manager"
10.0.0
Search vendor "F5" for product "Big-ip Wan Optimization Manager" and version "10.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Wan Optimization Manager
Search vendor "F5" for product "Big-ip Wan Optimization Manager"
10.0.1
Search vendor "F5" for product "Big-ip Wan Optimization Manager" and version "10.0.1"
-
Affected
F5
Search vendor "F5"
Big-ip Wan Optimization Manager
Search vendor "F5" for product "Big-ip Wan Optimization Manager"
10.1.0
Search vendor "F5" for product "Big-ip Wan Optimization Manager" and version "10.1.0"
-
Affected
F5
Search vendor "F5"
Big-ip Wan Optimization Manager
Search vendor "F5" for product "Big-ip Wan Optimization Manager"
10.2.0
Search vendor "F5" for product "Big-ip Wan Optimization Manager" and version "10.2.0"
-
Affected
F5
Search vendor "F5"
Big-ip Wan Optimization Manager
Search vendor "F5" for product "Big-ip Wan Optimization Manager"
10.2.1
Search vendor "F5" for product "Big-ip Wan Optimization Manager" and version "10.2.1"
-
Affected
F5
Search vendor "F5"
Big-ip Wan Optimization Manager
Search vendor "F5" for product "Big-ip Wan Optimization Manager"
10.2.2
Search vendor "F5" for product "Big-ip Wan Optimization Manager" and version "10.2.2"
-
Affected
F5
Search vendor "F5"
Big-ip Wan Optimization Manager
Search vendor "F5" for product "Big-ip Wan Optimization Manager"
11.0.0
Search vendor "F5" for product "Big-ip Wan Optimization Manager" and version "11.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Access Policy Manager
Search vendor "F5" for product "Big-ip Access Policy Manager"
10.1.0
Search vendor "F5" for product "Big-ip Access Policy Manager" and version "10.1.0"
-
Affected
F5
Search vendor "F5"
Big-ip Access Policy Manager
Search vendor "F5" for product "Big-ip Access Policy Manager"
10.2.0
Search vendor "F5" for product "Big-ip Access Policy Manager" and version "10.2.0"
-
Affected
F5
Search vendor "F5"
Big-ip Access Policy Manager
Search vendor "F5" for product "Big-ip Access Policy Manager"
10.2.1
Search vendor "F5" for product "Big-ip Access Policy Manager" and version "10.2.1"
-
Affected
F5
Search vendor "F5"
Big-ip Access Policy Manager
Search vendor "F5" for product "Big-ip Access Policy Manager"
10.2.2
Search vendor "F5" for product "Big-ip Access Policy Manager" and version "10.2.2"
-
Affected
F5
Search vendor "F5"
Big-ip Access Policy Manager
Search vendor "F5" for product "Big-ip Access Policy Manager"
11.0.0
Search vendor "F5" for product "Big-ip Access Policy Manager" and version "11.0.0"
-
Affected
F5
Search vendor "F5"
Big-ip Edge Gateway
Search vendor "F5" for product "Big-ip Edge Gateway"
10.1.0
Search vendor "F5" for product "Big-ip Edge Gateway" and version "10.1.0"
-
Affected
F5
Search vendor "F5"
Big-ip Edge Gateway
Search vendor "F5" for product "Big-ip Edge Gateway"
10.2.0
Search vendor "F5" for product "Big-ip Edge Gateway" and version "10.2.0"
-
Affected
F5
Search vendor "F5"
Big-ip Edge Gateway
Search vendor "F5" for product "Big-ip Edge Gateway"
10.2.1
Search vendor "F5" for product "Big-ip Edge Gateway" and version "10.2.1"
-
Affected
F5
Search vendor "F5"
Big-ip Edge Gateway
Search vendor "F5" for product "Big-ip Edge Gateway"
10.2.2
Search vendor "F5" for product "Big-ip Edge Gateway" and version "10.2.2"
-
Affected
F5
Search vendor "F5"
Big-ip Edge Gateway
Search vendor "F5" for product "Big-ip Edge Gateway"
11.0.0
Search vendor "F5" for product "Big-ip Edge Gateway" and version "11.0.0"
-
Affected