Vulnerabilities > CVE-2014-2928 - Remote Command Injection vulnerability in Multiple F5 BIG-IP Products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
SINGLE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request. Per: http://cwe.mitre.org/data/definitions/77.html "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
Vulnerable Configurations
Exploit-Db
| description | F5 iControl Remote Root Command Execution. CVE-2014-2928. Remote exploit for unix platform |
| file | exploits/unix/remote/34927.rb |
| id | EDB-ID:34927 |
| last seen | 2016-02-04 |
| modified | 2014-10-09 |
| platform | unix |
| port | 443 |
| published | 2014-10-09 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/34927/ |
| title | F5 iControl Remote Root Command Execution |
| type | remote |
Metasploit
| description | This module exploits an authenticated remote command execution vulnerability in the F5 BIGIP iControl API (and likely other F5 devices). |
| id | MSF:EXPLOIT/LINUX/HTTP/F5_ICONTROL_EXEC |
| last seen | 2020-06-07 |
| modified | 2017-07-24 |
| published | 2014-09-27 |
| references | |
| reporter | Rapid7 |
| source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/f5_icontrol_exec.rb |
| title | F5 iControl Remote Root Command Execution |
Nessus
| NASL family | F5 Networks Local Security Checks |
| NASL id | F5_BIGIP_SOL15220.NASL |
| description | The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 11.0.0 through 11.3.0, Enterprise Manager 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request. (CVE-2014-2928) Impact Users may be able to run arbitrary commands on a BIG-IP system using an authenticated iControl connection. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 78166 |
| published | 2014-10-10 |
| reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/78166 |
| title | F5 Networks BIG-IP : iControl vulnerability (K15220) |
Packetstorm
data source https://packetstormsecurity.com/files/download/128592/f5_icontrol_exec.rb.txt id PACKETSTORM:128592 last seen 2016-12-05 published 2014-10-08 reporter Brandon Perry source https://packetstormsecurity.com/files/128592/F5-iControl-Remote-Root-Command-Execution.html title F5 iControl Remote Root Command Execution data source https://packetstormsecurity.com/files/download/126546/f5icontrol-exec.txt id PACKETSTORM:126546 last seen 2016-12-05 published 2014-05-07 reporter Brandon Perry source https://packetstormsecurity.com/files/126546/F5-iControl-Remote-Command-Execution.html title F5 iControl Remote Command Execution