Release date:
Updated on:
Affected Systems:
F5 BIG-IQ 4.1.0.2013.0
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2014-3220
F5 BIG-IQ is a product that centrally manages and configures multiple BIG-IP network devices.
F5 BIG-IQ 4.1.0.2013.0 in the implementation of security vulnerabilities, authenticated remote users through mgmt/shared/authz/users/user page Request Name parameters, this vulnerability allows you to change the password of any user.
<* Source: F5
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
F5
--
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://support.f5.com/kb/en-us/solutions/public/
Https://gist.github.com/brandonprry/2e73acd63094fa2a4f63
Http://seclists.org/fulldisclosure/2014/May/10
Http://volatile-minds.blogspot.com/2014/05/f5-big-iq-v41020130-authenticated.html
This article permanently updates the link address: