CVE-2014-2927 - Improper Authentication

Severity

93%

Complexity

86%

Confidentiality

165%

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Demo Examples

Improper Authentication

CWE-287

The following code intends to ensure that the user is already logged in. If not, the code performs authentication with the user-provided username and password. If successful, it sets the loggedin and user cookies to "remember" that the user has already logged in. Finally, the code performs administrator tasks if the logged-in user has the "Administrator" username, as recorded in the user cookie.


               
}

                     
}
ExitError("Error: you need to log in first");

                           

                              
);
);
DoAdministratorTasks();

Unfortunately, this code can be bypassed. The attacker can set the cookies independently so that the code does not check the username and password. The attacker could do this with an HTTP request containing headers such as:


               
[body of request]

By setting the loggedin cookie to "true", the attacker bypasses the entire authentication check. By using the "Administrator" value in the user cookie, the attacker also gains privileges to administer the software.

Improper Authentication

CWE-287

Overview

Type

F5

First reported 10 years ago

2014-10-15 14:55:00

Last updated 10 years ago

2015-01-26 18:32:00

Affected Software

F5 ARX 6.0.0

6.0.0

F5 ARX 6.1.0

6.1.0

F5 ARX 6.1.1

6.1.1

F5 ARX 6.2.0

6.2.0

F5 ARX 6.3.0

6.3.0

F5 ARX 6.4.0

6.4.0

F5 Big-IP Access Policy Manager (APM) 10.1.0

10.1.0

F5 BIG-IP Access Policy Manager (APM) 10.2.0

10.2.0

F5 BIG-IP Access Policy Manager (APM) 10.2.1

10.2.1

F5 BIG-IP Access Policy Manager (APM) 10.2.2

10.2.2

F5 BIG-IP Access Policy Manager (APM) 10.2.3

10.2.3

F5 Big-IP Access Policy Manager (APM) 10.2.4

10.2.4

F5 Big-IP Access Policy Manager (APM) 11.0.0

11.0.0

F5 Big-IP Access Policy Manager (APM) 11.1.0

11.1.0

F5 Big-IP Access Policy Manager (APM) 11.2.0

11.2.0

F5 Big-IP Access Policy Manager (APM) 11.2.1

11.2.1

F5 Big-IP Access Policy Manager (APM) 11.3.0

11.3.0

F5 BIG-IP Access Policy Manager 11.4.0

11.4.0

F5 BIG-IP Access Policy Manager 11.4.1

11.4.1

F5 BIG-IP Access Policy Manager 11.5.0

11.5.0

F5 Big-IP Access Policy Manager (APM) 11.5.1

11.5.1

F5 Big-IP Access Policy Manager (APM) 11.6.0

11.6.0

F5 BIG-IP Advanced Firewall Manager 11.3.0

11.3.0

F5 BIG-IP Advanced Firewall Manager 11.4.0

11.4.0

F5 BIG-IP Advanced Firewall Manager 11.4.1

11.4.1

F5 BIG-IP Advanced Firewall Manager 11.5.0

11.5.0

F5 Networks BIGIP Advanced Firewall Manager 11.5.1

11.5.1

F5 BIG-IP Advanced Firewall Manager 11.6.0

11.6.0

F5 BIG-IP Analytics 11.0.0

11.0.0

F5 BIG-IP Analytics 11.1.0

11.1.0

F5 BIG-IP Analytics 11.2.0

11.2.0

F5 Networks BIGIP Analytics 11.2.1

11.2.1

F5 BIG-IP Analytics 11.3.0

11.3.0

F5 BIG-IP Analytics 11.4.0

11.4.0

F5 BIG-IP Analytics 11.4.1

11.4.1

F5 BIG-IP Analytics 11.5.0

11.5.0

F5 Networks BIGIP Analytics 11.5.1

11.5.1

F5 BIG-IP Analytics 11.6.0

11.6.0

F5 Networks BIGIP Application Acceleration Manager 11.4.0

11.4.0

F5 BIG-IP Application Acceleration Manager 11.4.1

11.4.1

F5 BIG-IP Application Acceleration Manager 11.5.0

11.5.0

F5 Networks BIGIP Application Acceleration Manager 11.5.1

11.5.1

F5 BIG-IP Application Acceleration Manager 11.6.0

11.6.0

F5 BIG-IP Application Security Manager 10.0.0

10.0.0

F5 BIG-IP Application Security Manager 10.0.1

10.0.1

F5 BIG-IP Application Security Manager (APM) 10.1.0

10.1.0

F5 BIG-IP Application Security Manager (APM) 10.2.0

10.2.0

F5 BIG-IP Application Security Manager (APM) 10.2.1

10.2.1

F5 BIG-IP Application Security Manager (APM) 10.2.2

10.2.2

F5 BIG-IP Application Security Manager (APM) 10.2.3

10.2.3

F5 BIG-IP Application Security Manager (APM) 10.2.4

10.2.4

F5 BIG-IP Application Security Manager (PSM) 11.0.0

11.0.0

F5 BIG-IP Application Security Manager (PSM) 11.1.0

11.1.0

F5 BIG-IP Application Security Manager (ASM) 11.2.0

11.2.0

F5 Networks BIG-IP Application Security Manager 11.2.1

11.2.1

F5 BIG-IP Application Security Manager 11.3.0

11.3.0

F5 BIG-IP Application Security Manager 11.4.0

11.4.0

F5 BIG-IP Application Security Manager 11.4.1

11.4.1

F5 BIG-IP Application Security Manager 11.5.0

11.5.0

F5 Networks BIG-IP Application Security Manager 11.5.1

11.5.1

F5 BIG-IP Application Security Manager 11.6.0

11.6.0

F5 BIG-IP IP Edge Gateway 10.1.0

10.1.0

F5 BIG-IP Edge Gateway 10.2.0

10.2.0

F5 BIG-IP Edge Gateway 10.2.1

10.2.1

F5 BIG-IP Edge Gateway 10.2.2

10.2.2

F5 BIG-IP Edge Gateway 10.2.3

10.2.3

F5 BIG-IP IP Edge Gateway 10.2.4

10.2.4

F5 BIG-IP IP Edge Gateway 11.0.0

11.0.0

F5 BIG-IP Edge Gateway 11.1.0

11.1.0

F5 BIG-IP Edge Gateway 11.2.0

11.2.0

F5 BIG-IP IP Edge Gateway 11.2.1

11.2.1

F5 BIG-IP IP Edge Gateway 11.3.0

11.3.0

F5 BIG-IP Global Traffic Manager 10.0.0

10.0.0

F5 BIG-IP Global Traffic Manager 10.0.1

10.0.1

F5 BIG-IP Global Traffic Manager (GTM) 10.1.0

10.1.0

F5 BIG-IP Global Traffic Manager (GTM) 10.2.0

10.2.0

F5 BIG-IP Global Traffic Manager (GTM) 10.2.1

10.2.1

F5 BIG-IP Global Traffic Manager (GTM) 10.2.2

10.2.2

F5 BIG-IP Global Traffic Manager (GTM) 10.2.3

10.2.3

F5 BIG-IP Global Traffic Manager (GTM) 10.2.4

10.2.4

F5 BIG-IP Global Traffic Manager (GTM) 11.0.0

11.0.0

F5 BIG-IP Global Traffic Manager (GTM) 11.1.0

11.1.0

F5 BIG-IP Global Traffic Manager (GTM) 11.2.0

11.2.0

F5 Networks BIGIP Global Traffic Manager 11.2.1

11.2.1

F5 BIG-IP Global Traffic Manager 11.3.0

11.3.0

F5 BIG-IP Global Traffic Manager 11.4.0

11.4.0

F5 BIG-IP Global Traffic Manager 11.4.1

11.4.1

F5 BIG-IP Global Traffic Manager 11.5.0

11.5.0

F5 Networks BIGIP Global Traffic Manager 11.5.1

11.5.1

F5 BIG-IP Global Traffic Manager 11.6.0

11.6.0

F5 BIG-IP Link Controller 10.0.0

10.0.0

F5 BIG-IP Link Controller 10.0.1

10.0.1

F5 BIG-IP Link Controller 10.1.0

10.1.0

F5 BIG-IP Link Controller 10.2.0

10.2.0

F5 BIG-IP Link Controller 10.2.1

10.2.1

F5 BIG-IP Link Controller 10.2.2

10.2.2

F5 BIG-IP Link Controller 10.2.3

10.2.3

F5 BIG-IP Link Controller 10.2.4

10.2.4

F5 BIG-IP Link Controller 11.0.0

11.0.0

F5 BIG-IP Link Controller 11.1.0

11.1.0

F5 BIG-IP Link Controller 11.2.0

11.2.0

F5 Networks BIGIP Link Controller 11.2.1

11.2.1

F5 BIG-IP Link Controller 11.3.0

11.3.0

F5 BIG-IP Link Controller 11.4.0

11.4.0

F5 BIG-IP Link Controller 11.4.1

11.4.1

F5 BIG-IP Link Controller 11.5.0

11.5.0

F5 Networks BIGIP Link Controller 11.5.1

11.5.1

F5 BIG-IP Link Controller 11.6.0

11.6.0

F5 BIG-IP Local Traffic Manager (LTM) 10.0.0

10.0.0

F5 BIG-IP Local Traffic Manager (LTM) 10.0.1

10.0.1

F5 BIG-IP Local Traffic Manager (LTM) 10.1.0

10.1.0

F5 BIG-IP Local Traffic Manager (LTM) 10.2.0

10.2.0

F5 BIG-IP Local Traffic Manager (LTM) 10.2.1

10.2.1

F5 BIG-IP Local Traffic Manager (LTM) 10.2.2

10.2.2

F5 BIG-IP Local Traffic Manager (LTM) 10.2.3

10.2.3

F5 BIG-IP Local Traffic Manager (LTM) 10.2.4

10.2.4

F5 BIG-IP Local Traffic Manager (LTM) 11.0.0

11.0.0

F5 BIG-IP Local Traffic Manager (LTM) 11.1.0

11.1.0

F5 BIG-IP Local Traffic Manager (LTM)11.2.0

11.2.0

F5 Networks BIGIP Local Traffic Manager (LTM) 11.2.1

11.2.1

F5 BIG-IP Local Traffic Manager 11.3.0

11.3.0

F5 BIG-IP Local Traffic Manager 11.4.0

11.4.0

F5 BIG-IP Local Traffic Manager 11.4.1

11.4.1

F5 BIG-IP Local Traffic Manager 11.5.0

11.5.0

F5 Networks BIGIP Local Traffic Manager (LTM) 11.5.1

11.5.1

F5 BIG-IP Local Traffic Manager 11.6.0

11.6.0

F5 Networks BIGIP Policy Enforcement Manager 11.3.0

11.3.0

F5 BIG-IP Policy Enforcement Manager 11.4.0

11.4.0

F5 BIG-IP Policy Enforcement Manager 11.4.1

11.4.1

F5 BIG-IP Policy Enforcement Manager 11.5.0

11.5.0

F5 Networks BIGIP Policy Enforcement Manager 11.5.1

11.5.1

F5 BIG-IP Policy Enforcement Manager 11.6.0

11.6.0

F5 BIG-IP Protocol Security Module (PSM) 10.0.0

10.0.0

F5 BIG-IP Protocol Security Module (PSM) 10.0.1

10.0.1

F5 BIG-IP Protocol Security Module (PSM) 10.1.0

10.1.0

F5 BIG-IP Protocol Security Module (PSM) 10.2.0

10.2.0

F5 BIG-IP Protocol Security Module (PSM) 10.2.1

10.2.1

F5 BIG-IP Protocol Security Module (PSM) 10.2.2

10.2.2

F5 BIG-IP Protocol Security Module (PSM) 10.2.3

10.2.3

F5 BIG-IP Protocol Security Module (PSM) 10.2.4

10.2.4

F5 BIG-IP Protocol Security Module (PSM) 11.0.0

11.0.0

F5 BIG-IP Protocol Security Module (PSM) 11.1.0

11.1.0

F5 BIG-IP Protocol Security Module (PSM) 11.2.0

11.2.0

F5 Networks BIGIP Protocol Security Module 11.2.1

11.2.1

F5 BIG-IP Protocol Security Module (PSM) 11.3.0

11.3.0

F5 BIG-IP Protocol Security Module (PSM) 11.4.0

11.4.0

F5 Networks BIGIP Protocol Security Module 11.4.1

11.4.1

F5 BIG-IP WAN Optimization Manager 10.0.1

10.0.1

F5 BIG-IP Wan Optimization Manager (WOM) 10.1.0

10.1.0

F5 BIG-IP Wan Optimization Manager (WOM) 10.2.0

10.2.0

F5 BIG-IP Wan Optimization Manager (WOM) 10.2.1

10.2.1

F5 BIG-IP Wan Optimization Manager (WOM) 10.2.2

10.2.2

F5 BIG-IP Wan Optimization Manager (WOM) 10.2.3

10.2.3

F5 BIG-IP Wan Optimization Manager (WOM) 10.2.4

10.2.4

F5 BIG-IP Wan Optimization Manager (WOM) 11.0.0

11.0.0

F5 BIG-IP Wan Optimization Manager (WOM) 11.1.0

11.1.0

F5 BIG-IP WAN Optimization Manager (WOM) 11.2.0

11.2.0

F5 Networks BIGIP WAN Optimization Manager 11.2.1

11.2.1

F5 Networks BIGIP WAN Optimization Manager 11.3.0

11.3.0

F5 BIG-IP WebAccelerator 10.0.0

10.0.0

F5 BIG-IP WebAccelerator 10.0.1

10.0.1

F5 BIG-IP WebAccelerator 10.1.0

10.1.0

F5 BIG-IP WebAccelerator 10.2.0

10.2.0

F5 BIG-IP WebAccelerator 10.2.1

10.2.1

F5 BIG-IP WebAccelerator 10.2.2

10.2.2

F5 BIG-IP WebAccelerator 10.2.3

10.2.3

F5 BIG-IP WebAccelerator 10.2.4

10.2.4

F5 BIG-IP WebAccelerator 11.0.0

11.0.0

F5 BIG-IP WebAccelerator 11.1.0

11.1.0

F5 BIG-IP WebAccelerator 11.2.0

11.2.0

F5 Networks BIGIP WebAccelerator 11.2.1

11.2.1

F5 Networks BIGIP WebAccelerator 11.3.0

11.3.0

F5 Big-IQ Cloud 4.0.0

4.0.0

F5 Big-IQ Cloud 4.1.0

4.1.0

F5 Big-IQ Cloud 4.2.0

4.2.0

F5 Big-IQ Cloud 4.3.0

4.3.0

F5 Big-IQ Device 4.2.0

4.2.0

F5 Big-IQ Device 4.3.0

4.3.0

F5 Big-IQ Security 4.0.0

4.0.0

F5 Big-IQ Security 4.1.0

4.1.0

F5 Big-IQ Security 4.2.0

4.2.0

F5 Big-IQ Security 4.3.0

4.3.0

F5 Enterprise Manager 2.1.0

2.1.0

F5 Enterprise Manager 2.2.0

2.2.0

F5 Enterprise Manager 2.3.0

2.3.0

F5 Networks Enterprise Manager 3.0.0

3.0.0

F5 Networks Enterprise Manager 3.1.1

3.1.1

F5 Firepass 6.0.0

6.0.0

F5 Firepass 6.0.1

6.0.1

F5 Firepass 6.0.2

6.0.2

F5 Firepass 6.0.3

6.0.3

F5 Firepass 6.1.0

6.1.0

F5 Firepass 7.0.0

7.0.0

References

34465

Exploit

http://www.security-assessment.com/files/documents/advisory/F5_Unauthenticated_rsync_access_to_Remote_Root_Code_Execution.pdf

Exploit

https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15236.html

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.