Release date:
Updated on: 2014-05-10
Affected Systems:
F5 BIG-IP
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67278
CVE (CAN) ID: CVE-2014-2928
F5 BIG-IP products provide enterprises with integrated application delivery services such as acceleration, security, access control and high availability.
Multiple F5 BIG-IP products do not properly filter data supplied over an iControl connection, which allows an attacker with a valid administrator account to execute arbitrary commands on the affected system through iControl.
<* Source: Brandon Perry
Link: http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
F5
--
F5 has released a security bulletin (SOL15220) and corresponding patches for this issue:
SOL15220: iControl vulnerability CVE-2014-2928
Link: http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html