CVE-2014-2927

critical F5
CVSS v3 Base Score
9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS Score
7.4%
Exploitation probability in 30 days
Top 8% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C
Published: October 15, 2014 (4228 days ago)
Last Modified: May 6, 2026
Vendor: F5
Source: NVD

Description

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.

CWE

CWE-287

Affected Products

f5 arxf5 big-ip access policy managerf5 big-ip advanced firewall managerf5 big-ip analyticsf5 big-ip application acceleration managerf5 big-ip application security managerf5 big-ip edge gatewayf5 big-ip global traffic managerf5 big-ip link controllerf5 big-ip local traffic manager

References

🔗 www.exploit-db.com 🔗 www.security-assessment.com 🔗 support.f5.com 🔗 www.exploit-db.com 🔗 www.security-assessment.com