← back
CVE-2014-3220

CVE-2014-3220

EPSS 11.0%
F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/33143unverifiedexploitdbwww.exploit-db.com/exploits/33143unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/fulldisclosure/2014/May/10http://seclists.org/fulldisclosure/2014/May/11http://seclists.org/fulldisclosure/2014/May/16http://secunia.com/advisories/58440https://gist.github.com/brandonprry/2e73acd63094fa2a4f63http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15229.htmlhttp://volatile-minds.blogspot.com/2014/05/f5-big-iq-v41020130-authenticated.htmlhttp://www.exploit-db.com/exploits/33143http://www.securityfocus.com/bid/67191http://www.securityfocus.com/bid/67227