CVE-2014-2928

high F5
CVSS v3 Base Score
7.1
AV:N/AC:H/Au:S/C:C/I:C/A:C
EPSS Score
64.6%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Confidentiality
C
Integrity
C
Availability
C
Published: May 12, 2014 (4384 days ago)
Last Modified: May 6, 2026
Vendor: F5
Source: NVD

Description

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitrary commands via shell metacharacters in the hostname element in a SOAP request.

CWE

NVD-CWE-Other

Affected Products

f5 big-ip webacceleratorf5 big-ip local traffic managerf5 big-ip protocol security modulef5 big-ip link controllerf5 big-ip application security managerf5 big-ip global traffic managerf5 big-ip wan optimization managerf5 big-ip access policy managerf5 big-ip edge gateway

References

🔗 seclists.org 🔗 support.f5.com 🔗 www.exploit-db.com 🔗 www.osvdb.org 🔗 seclists.org