Privilege Escalation in F5 BIG-IP Products Including LTM and APM
CVE-2015-7393

7.4HIGH

Key Information:

Vendor
F5
Status
Big-iq Application Delivery Controller
Vendor
CVE Published:
12 January 2016

Summary

The local privilege escalation vulnerability in F5's BIG-IP product suite allows local users with advanced shell access to exploit unspecified vectors, leading to unauthorized privilege elevation. This issue affects multiple versions of the BIG-IP LTM, Analytics, APM, ASM, and Link Controller, among others, creating potential security risks for organizations utilizing these systems. It is critical for users to apply the available patches to mitigate any risks associated with this vulnerability.

References

https://support.f5.com/kb/en-us/solutions/public/k/75/sol...
x_refsource_CONFIRM
http://securitytracker.com/id/1034632
vdb-entryx_refsource_SECTRACK
http://www.securitytracker.com/id/1034633
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.