CVE-2015-7394

critical F5
CVSS v3 Base Score
9.0
AV:N/AC:L/Au:S/C:C/I:C/A:C
EPSS Score
1.3%
Exploitation probability in 30 days
Top 20% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: November 6, 2015 (3841 days ago)
Last Modified: May 6, 2026
Vendor: F5
Source: NVD

Description

The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0 through 11.6.0, BIG-IP PSM 11.1.0 through 11.4.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ ADC 4.5.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to cause a denial of service or gain privileges by leveraging permission to upload and execute code.

CWE

CWE-264

Affected Products

f5 big-iq devicef5 big-ip policy enforcement managerf5 big-ip global traffic managerf5 big-ip analyticsf5 big-ip link controllerf5 big-ip webacceleratorf5 big-ip application security managerf5 big-iq securityf5 big-ip wan optimization managerf5 big-ip edge gateway

References

🔗 www.securitytracker.com 🔗 www.securitytracker.com 🔗 support.f5.com 🔗 www.securitytracker.com 🔗 www.securitytracker.com