72%
12%
98%
On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVSS 3.1 Base Score 7.2. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).
The following code could be for a medical records application. It displays a record to already authenticated users, confirming the user's authorization using a value stored in a cookie.
}}setcookie("role", $role, time()+60*60*2);die("\n");DisplayMedicalHistory($_POST['patient_ID']);die("You are not Authorized to view this record\n");The programmer expects that the cookie will only be set when getRole() succeeds. The programmer even diligently specifies a 2-hour expiration for the cookie. However, the attacker can easily set the "role" cookie to the value "Reader". As a result, the $role variable is "Reader", and getRole() is never invoked. The attacker has bypassed the authorization system.
ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.
If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.