CVE-2015-3628
CVE-2015-3628
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0, BIG-IP GTM 11.3.0 before 11.6.0 HF6, BIG-IP PSM 11.3.0 through 11.4.1, Enterprise Manager 3.1.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote authenticated users with the "Resource Administrator" role to gain privileges via an iCall (1) script or (2) handler in a SOAP request to iControl/iControlPortal.cgi.
Affected products
n/a · n/apublic PoCs found — 3
cve_referencepacketstormsecurity.com/files/134434/F5-iControl-iCall-Script-Root-Command-Execution.htmlunverifiedcve_referencewww.exploit-db.com/exploits/38764/unverifiedexploitdbwww.exploit-db.com/exploits/38764unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/134434/F5-iControl-iCall-Script-Root-Command-Execution.htmlhttps://gdssecurity.squarespace.com/labs/2015/9/8/f5-icallscript-privilege-escalation-cve-2015-3628.htmlhttps://support.f5.com/kb/en-us/solutions/public/16000/700/sol16728.htmlhttps://www.exploit-db.com/exploits/38764/http://www.rapid7.com/db/modules/exploit/linux/http/f5_icall_cmdhttp://www.securitytracker.com/id/1034306http://www.securitytracker.com/id/1034307