Vulnerabilities > CVE-2015-7393 - Local Privilege Escalation vulnerability in Multiple F5 BIG-IP Products

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

nessus

NVD

Published: 2016-01-12

Updated: 2016-01-14

Summary

dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IQ Application Delivery Controller 4.5.0 F5 BIG IP Application Security Manager 11.2.0 F5 BIG IP Application Security Manager 11.2.1 F5 BIG IP Application Security Manager 11.3.0 F5 BIG IP Application Security Manager 11.4.0 F5 BIG IP Application Security Manager 11.4.1 F5 BIG IP Application Security Manager 11.5.1 F5 BIG IP Application Security Manager 11.6.0 F5 BIG IP Application Security Manager 12.0.0 F5 BIG IQ Security 4.0.0 F5 BIG IQ Security 4.1.0 F5 BIG IQ Security 4.2.0 F5 BIG IQ Security 4.3.0 F5 BIG IQ Security 4.4.0 F5 BIG IQ Security 4.5.0 F5 BIG IP WAN Optimization Manager 11.2.0 F5 BIG IP WAN Optimization Manager 11.2.1 F5 BIG IP WAN Optimization Manager 11.3.0 F5 BIG IP Global Traffic Manager 11.2.1 F5 BIG IP Global Traffic Manager 11.3.0 F5 BIG IP Global Traffic Manager 11.4.0 F5 BIG IP Global Traffic Manager 11.4.1 F5 BIG IP Global Traffic Manager 11.5.1 F5 BIG IP Global Traffic Manager 11.6.0 F5 BIG IP Global Traffic Manager11.2.0 * F5 BIG IQ Centralized Management 4.6.0 F5 BIG IP Analytics 11.0.0 F5 BIG IP Analytics 11.1.0 F5 BIG IP Analytics 11.2.0 F5 BIG IP Analytics 11.2.1 F5 BIG IP Analytics 11.3.0 F5 BIG IP Analytics 11.4.0 F5 BIG IP Analytics 11.4.1 F5 BIG IP Analytics 11.5.0 F5 BIG IP Analytics 11.5.1 F5 BIG IP Analytics 11.6.0 F5 BIG IP Analytics 12.0.0 F5 BIG IP Advanced Firewall Manager 11.3.0 F5 BIG IP Advanced Firewall Manager 11.4.0 F5 BIG IP Advanced Firewall Manager 11.4.1 F5 BIG IP Advanced Firewall Manager 11.5.0 F5 BIG IP Advanced Firewall Manager 11.5.1 F5 BIG IP Advanced Firewall Manager 11.6.0 F5 BIG IP Advanced Firewall Manager 12.0.0 F5 BIG IP Domain Name System 12.0.0 F5 BIG IP Protocol Security Module 11.2.0 F5 BIG IP Protocol Security Module 11.2.1 F5 BIG IP Protocol Security Module 11.3.0 F5 BIG IP Protocol Security Module 11.4.0 F5 BIG IP Protocol Security Module 11.4.1 F5 BIG IQ Cloud 4.0.0 F5 BIG IQ Cloud 4.1.0 F5 BIG IQ Cloud 4.2.0 F5 BIG IQ Cloud 4.3.0 F5 BIG IQ Cloud 4.4.0 F5 BIG IQ Cloud 4.5.0 F5 BIG IQ Cloud AND Orchestration 1.0.0 F5 BIG IP Policy Enforcement Manager 11.3.0 F5 BIG IP Policy Enforcement Manager 11.4.0 F5 BIG IP Policy Enforcement Manager 11.4.1 F5 BIG IP Policy Enforcement Manager 11.5.0 F5 BIG IP Policy Enforcement Manager 11.5.1 F5 BIG IP Policy Enforcement Manager 11.6.0 F5 BIG IP Policy Enforcement Manager 12.0.0 F5 BIG IP Access Policy Manager 11.2.0 F5 BIG IP Access Policy Manager 11.2.1 F5 BIG IP Access Policy Manager 11.3.0 F5 BIG IP Access Policy Manager 11.4.0 F5 BIG IP Access Policy Manager 11.5.0 F5 BIG IP Access Policy Manager 11.5.1 F5 BIG IP Access Policy Manager 11.6.0 F5 BIG IP Access Policy Manager 12.0.0 F5 BIG IP Application Acceleration Manager 11.4.0 F5 BIG IP Application Acceleration Manager 11.4.1 F5 BIG IP Application Acceleration Manager 11.5.0 F5 BIG IP Application Acceleration Manager 11.5.1 F5 BIG IP Application Acceleration Manager 11.6.0 F5 BIG IP Application Acceleration Manager 12.0.0 F5 BIG IP Edge Gateway 11.2.0 F5 BIG IP Edge Gateway 11.2.1 F5 BIG IP Edge Gateway 11.3.0 F5 BIG IQ Device 4.2.0 F5 BIG IQ Device 4.3.0 F5 BIG IQ Device 4.4.0 F5 BIG IQ Device 4.5.0 F5 BIG IP Local Traffic Manager 11.2.0 F5 BIG IP Local Traffic Manager 11.2.1 F5 BIG IP Local Traffic Manager 11.3.0 F5 BIG IP Local Traffic Manager 11.4.0 F5 BIG IP Local Traffic Manager 11.4.1 F5 BIG IP Local Traffic Manager 11.5.1 F5 BIG IP Local Traffic Manager 11.6.0 F5 BIG IP Local Traffic Manager 12.0.0 F5 BIG IP Webaccelerator 11.2.0 F5 BIG IP Webaccelerator 11.2.1 F5 BIG IP Webaccelerator 11.3.0	96

Nessus

NASL family	F5 Networks Local Security Checks
NASL id	F5_BIGIP_SOL75136237.NASL
description	dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors. (CVE-2015-7393)
last seen	2020-06-01
modified	2020-06-02
plugin id	87788
published	2016-01-08
reporter	This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/87788
title	F5 Networks BIG-IP : Privilege escalation vulnerability (K75136237)

Summary

Vulnerable Configurations

Nessus

References