Summary
Multiple F5 Networks Products are prone to a remote code-execution vulnerability.
Impact
An attacker can exploit this issue to execute arbitrary code within the context of the application.
Solution
Disable the rsync daemon
Insight
An open Rsync configuration for the ConfigSync IP address allows for remote read/write file system access in BIG-IP 11.x versions before 11.6.0, 11.5.1 HF3, 11.5.0 HF4, 11.4.1 HF4, 11.4.0 HF7, 11.3.0 HF9, and 11.2.1 HF11, and Enterprise Manager 3.x versions before 3.1.1 HF2.
Affected
F5 BIG-IP 11.6 before 11.6.0,
11.5.1 before HF3,
11.5.0 before HF4,
11.4.1 before HF4,
11.4.0 before HF7,
11.3.0 before HF9,
and 11.2.1 before HF11
Enterprise Manager 3.x before 3.1.1 HF2,
Detection
Try to read the /VERSION file via a rsync request.
References
Severity
Classification
-
CVE CVE-2014-2927 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Windows)
- Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities-01 Aug14 (Windows)