Vulnerabilities > CVE-2014-3220 - Credentials Management vulnerability in F5 BIG-IQ 4.1.0.2013.0
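Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
(These metrics are not populated on this page; the two Nessus plugins listed below carry the CVSS v2 base vector AV:N/AC:L/Au:S/C:C/I:C/A:C.)
Summary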
F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation. CVE-2014-2937,CVE-2014-3220. Remote exploit for hardware platform |
file | exploits/hardware/remote/33143.rb |
id | EDB-ID:33143 |
last seen | 2016-02-03 |
modified | 2014-05-02 |
platform | hardware |
port | 443 |
published | 2014-05-02 |
reporter | Brandon Perry |
source | https://www.exploit-db.com/download/33143/ |
title | F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation |
type | remote |
Nessus
NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL15229.NASL description F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user last seen 2020-06-01 modified 2020-06-02 plugin id 86005 published 2015-09-18 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86005 title F5 Networks BIG-IP : BIG-IQ / BIG-IP privilege escalation vulnerability (K15229) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from F5 Networks BIG-IP Solution K15229.
#
# The text description of this plugin is (C) F5 Networks.
#

# Purpose: local, version-based check for F5 Solution K15229 (CVE-2014-3220).
# It reads the BIG-IP version, hotfix and module data already stored in the
# KB and reports when an installed module falls inside the "affected" ranges
# of vmatrix below. Nothing in the visible code sends a request to the target.
#
# NOTE(review): the description text talks about BIG-IQ 4.0.0 through 4.1.0,
# while the CPE list and the version matrix cover BIG-IP modules only. Use the
# separate BIG-IQ plugin (id 73950) for BIG-IQ hosts.

include("compat.inc");

# Metadata block: runs only when the scanner asks the plugin to describe
# itself, then exits before any check is performed.
if (description)
{
  script_id(86005);
  script_version("2.5");
  script_cvs_date("Date: 2019/05/09 9:52:02");

  script_cve_id("CVE-2014-3220");
  script_bugtraq_id(67191, 67227);

  script_name(english:"F5 Networks BIG-IP : BIG-IQ / BIG-IP privilege escalation vulnerability (K15229)");
  script_summary(english:"Checks the BIG-IP version.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote device is missing a vendor-supplied security patch."
  );
  script_set_attribute(
    attribute:"description",
    value:
"F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/. (CVE-2014-3220) Impact An authenticated user with limited access may be able to gain administrative access to the system."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://support.f5.com/csp/article/K15229"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K15229."
  );
  # CVSS v2 base vector: network reachable (AV:N), low complexity (AC:L),
  # one authentication step required (Au:S), complete C/I/A impact. The Au:S
  # term matches the "remote authenticated users" wording of the advisory.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  # Flagged as a potential vulnerability: the finding rests on a version
  # match, not on observing the flaw itself.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/18");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 and is
owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"F5 Networks Local Security Checks");

  script_dependencies("f5_bigip_detect.nbin");
  # "Settings/ParanoidReport" is a required key and the body below audits out
  # when report_paranoia < 2, so this plugin reports only in scans that have
  # paranoid reporting enabled. The absence of plugin 86005 from a
  # default-settings scan is therefore not evidence that the host is patched.
  script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport");

  exit(0);
}


include("f5_func.inc");

# Preconditions: each KB item must have been populated by an earlier
# (credentialed) detection step; otherwise the plugin audits out with the
# matching reason instead of reporting.
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
version = get_kb_item("Host/BIG-IP/version");
if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP");
# isnull() rather than "!": presumably an empty hotfix value is valid and
# only a missing key is an error -- confirm against f5_bigip_detect.
if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix");
if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules");

sol = "K15229";
vmatrix = make_array();

# Stop here unless paranoid reporting is enabled (see script_require_keys).
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# Per-module version matrix. Each entry lists the version ranges the vendor
# solution marks as affected and as unaffected; the comparison itself is done
# by bigip_is_affected(), which is not defined in this file.

# AFM
vmatrix["AFM"] = make_array();
vmatrix["AFM"]["affected" ] = make_list("11.3.0-11.4.0");
vmatrix["AFM"]["unaffected"] = make_list("11.4.1-11.6.0");

# AM
vmatrix["AM"] = make_array();
vmatrix["AM"]["affected" ] = make_list("11.4.0");
vmatrix["AM"]["unaffected"] = make_list("11.4.1-11.6.0");

# APM
vmatrix["APM"] = make_array();
vmatrix["APM"]["affected" ] = make_list("11.3.0-11.4.0");
vmatrix["APM"]["unaffected"] = make_list("11.4.1-11.6.0","11.0.0-11.2.1","10.1.0-10.2.4");

# ASM
vmatrix["ASM"] = make_array();
vmatrix["ASM"]["affected" ] = make_list("11.3.0-11.4.0");
vmatrix["ASM"]["unaffected"] = make_list("11.4.1-11.6.0","11.0.0-11.2.1","10.0.0-10.2.4");

# AVR
vmatrix["AVR"] = make_array();
vmatrix["AVR"]["affected" ] = make_list("11.3.0-11.4.0");
vmatrix["AVR"]["unaffected"] = make_list("11.4.1-11.6.0","11.0.0-11.2.1");

# GTM
vmatrix["GTM"] = make_array();
vmatrix["GTM"]["affected" ] = make_list("11.3.0-11.4.0");
vmatrix["GTM"]["unaffected"] = make_list("11.4.1-11.6.0","11.0.0-11.2.1","10.0.0-10.2.4");

# LC
vmatrix["LC"] = make_array();
vmatrix["LC"]["affected" ] = make_list("11.3.0-11.4.0");
vmatrix["LC"]["unaffected"] = make_list("11.4.1-11.6.0","11.0.0-11.2.1","10.0.0-10.2.4");

# LTM
vmatrix["LTM"] = make_array();
vmatrix["LTM"]["affected" ] = make_list("11.3.0-11.4.0");
vmatrix["LTM"]["unaffected"] = make_list("11.4.1-11.6.0","11.0.0-11.2.1","10.0.0-10.2.4");

# PEM
vmatrix["PEM"] = make_array();
vmatrix["PEM"]["affected" ] = make_list("11.3.0-11.4.0");
vmatrix["PEM"]["unaffected"] = make_list("11.4.1-11.6.0");

# PSM
vmatrix["PSM"] = make_array();
vmatrix["PSM"]["affected" ] = make_list("11.3.0-11.4.0");
vmatrix["PSM"]["unaffected"] = make_list("11.4.1","11.0.0-11.2.1","10.0.0-10.2.4");

# WAM
vmatrix["WAM"] = make_array();
vmatrix["WAM"]["affected" ] = make_list("11.3.0");
vmatrix["WAM"]["unaffected"] = make_list("11.0.0-11.2.1","10.0.0-10.2.4");

# WOM
vmatrix["WOM"] = make_array();
vmatrix["WOM"]["affected" ] = make_list("11.3.0");
vmatrix["WOM"]["unaffected"] = make_list("11.0.0-11.2.1","10.0.0-10.2.4");


# Report on port 0 (host-level finding, not tied to a listening service).
# With report_verbosity > 0 the text built by bigip_report_get() is attached.
if (bigip_is_affected(vmatrix:vmatrix, sol:sol))
{
  if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  # Not affected: distinguish "tested modules are at a fixed version" from
  # "none of the modules in vmatrix is running on this host".
  tested = bigip_get_tested_modules();
  # Built before 'tested' is checked; it is only used in the branch where
  # 'tested' is truthy.
  audit_extra = "For BIG-IP module(s) " + tested + ",";
  if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);
  else audit(AUDIT_HOST_NOT, "running any of the affected modules");
}
NASL family CGI abuses NASL id F5_BIGIQ_CU_PRIVILEGE_ESCALATION.NASL description According to its version number, the remote F5 Networks BIG-IQ device is affected by a privilege escalation vulnerability that allows remote, authenticated users to change the password of other users (such as the default last seen 2020-06-01 modified 2020-06-02 plugin id 73950 published 2014-05-09 reporter This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/73950 title F5 Networks BIG-IQ Configuration Utility Privilege Escalation code
#
# (C) Tenable Network Security, Inc.
#

# Purpose: version-based check for CVE-2014-3220 on F5 BIG-IQ. It compares
# the BIG-IQ version string stored in the KB against a pattern for the
# affected releases and reports 4.2.0 as the fixed version.
#
# The visible code performs no HTTP request of its own, although http.inc and
# webapp_func.inc are included; the finding therefore reflects the reported
# version only, not an observation of the flaw.

include("compat.inc");

# Metadata block: runs only when the scanner asks the plugin to describe
# itself, then exits before any check is performed.
if (description)
{
  script_id(73950);
  script_version("1.4");
  script_cvs_date("Date: 2018/11/28 22:47:41");

  script_cve_id("CVE-2014-3220");
  script_bugtraq_id(67191);
  script_xref(name:"IAVB", value:"2014-B-0051");

  script_name(english:"F5 Networks BIG-IQ Configuration Utility Privilege Escalation");
  script_summary(english:"Checks BIG-IQ version.");

  script_set_attribute(attribute:"synopsis", value:"The remote host is affected by a privilege escalation vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its version number, the remote F5 Networks BIG-IQ device is affected by a privilege escalation vulnerability that allows remote, authenticated users to change the password of other users (such as the default 'root' user) via a specially crafted request to the web configuration utility.
This is due to a flaw in the '/mgmt/shared/authz/users/' script.");
  # The see_also values are shortened links; the comment above each one gives
  # the full target URL.
  # http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15229.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c8d05021");
  # http://volatile-minds.blogspot.com/2014/05/f5-big-iq-v41020130-authenticated.html
  script_set_attribute(attribute:"see_also",value:"http://www.nessus.org/u?b3ef1cac");
  script_set_attribute(attribute:"solution", value:"Upgrade to BIG-IQ version 4.2.0 or later.");
  # CVSS v2 base vector: network reachable (AV:N), low complexity (AC:L),
  # one authentication step required (Au:S), complete C/I/A impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  # NOTE(review): the patch date below precedes the vulnerability publication
  # date as written; presumably the fixed release shipped before public
  # disclosure -- confirm against the vendor advisory.
  script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/09");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-iq");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2014-2018 and is owned by Tenable, Inc.
or an Affiliate thereof.");

  script_dependencies("f5_bigiq_detect.nbin");
  script_require_keys("Host/BIG-IQ/version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

# The version comes from the KB (set by the detection dependency); the plugin
# exits if it is missing.
version = get_kb_item_or_exit("Host/BIG-IQ/version");

# If the Configuration Utility was not detected, there is no port to attach
# the finding to: report on port 0, and only when paranoid reporting is on.
# When a port was detected, the paranoia gate is skipped.
port = get_kb_item("Host/BIG-IQ-CU/detected");
if (isnull(port))
{
  if (report_paranoia < 2) audit(AUDIT_PARANOID);
  port = 0;
}

# 4.0.0 - 4.1.0 affected
# The pattern matches version strings that start with 4.0.0 or 4.1.0, either
# ending there or followed by a dot (for example a build suffix).
# NOTE(review): a 4.0.x / 4.1.x string with a non-zero third component would
# not match; confirm that no such release falls in the affected range.
if (version =~ "^4\.[01]\.0(\.|$)")
{
  if (report_verbosity > 0)
  {
    report =
      '\n Installed version : ' + version +
      '\n Fixed version : 4.2.0' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_INST_VER_NOT_VULN, "BIG-IQ", version);
References
- https://gist.github.com/brandonprry/2e73acd63094fa2a4f63
- http://seclists.org/fulldisclosure/2014/May/11
- http://volatile-minds.blogspot.com/2014/05/f5-big-iq-v41020130-authenticated.html
- http://seclists.org/fulldisclosure/2014/May/10
- http://www.securityfocus.com/bid/67191
- http://www.securityfocus.com/bid/67227
- http://seclists.org/fulldisclosure/2014/May/16
- http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15229.html
- http://secunia.com/advisories/58440
- http://www.exploit-db.com/exploits/33143