Directory Traversal Vulnerability in F5 BIG-IP and Enterprise Manager
CVE-2015-4040

Currently unrated

Key Information:

Vendor: F5
Status: Enterprise Manager
Vendor: CVE Published:; 17 September 2015

Summary

A directory traversal vulnerability exists in the configuration utility of F5 BIG-IP prior to version 12.0.0 and Enterprise Manager from versions 3.0.0 to 3.1.1. This weakness allows remote authenticated users to execute file access operations, potentially leading to unauthorized exposure of arbitrary files located in the web root. The exploit is facilitated through unspecified vectors, making it crucial for administrators to apply necessary updates and configurations to mitigate the risk of unauthorized data retrieval.

References

http://packetstormsecurity.com/files/133931/F5-BigIP-10.2...

x_refsource_MISC

http://www.securitytracker.com/id/1033533

vdb-entryx_refsource_SECTRACK

https://support.f5.com/kb/en-us/solutions/public/17000/20...

x_refsource_CONFIRM

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Sep 17, 2015
Vulnerability Reserved
May 19, 2015