What is CVE-2014-2928?

CVE-2014-2928 is a vulnerability in F5 Big-ip_access_policy_manager. Published 2014-05-12.

Is CVE-2014-2928 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in F5 Big-ip_access_policy_manager

CVE-2014-2928

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1…

EPSS: 0.646 (98.5th percentile) — read the EPSS interpretation.

Affected products

F5 Big-ip_access_policy_manager — versions 10.1.0, 10.2.0, 10.2.1
F5 Big-ip_application_security_manager — versions 10.0.0, 10.0.1, 10.1.0
F5 Big-ip_edge_gateway — versions 10.1.0, 10.2.0, 10.2.1
F5 Big-ip_global_traffic_manager — versions 10.0.0, 10.0.1, 10.1.0
F5 Big-ip_link_controller — versions 10.0.0, 10.0.1, 10.1.0
F5 Big-ip_local_traffic_manager — versions 10.0.0, 10.0.1, 10.1.0
F5 Big-ip_protocol_security_module — versions 9.4.5, 9.4.6, 9.4.7
F5 Big-ip_wan_optimization_manager — versions 10.0.0, 10.0.1, 10.1.0
F5 Big-ip_webaccelerator — versions 9.4.0, 9.4.1, 9.4.2
N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20140507 Moar F5 fun in iControl API (mailing-list, x_refsource_FULLDISC)
34927 (Exploit, exploit, x_refsource_EXPLOIT-DB)
cret@cert.org (x_refsource_CONFIRM, Vendor Advisory)
106728 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2014-2928?: CVE-2014-2928 is a vulnerability in F5 Big-ip_access_policy_manager. Published 2014-05-12.
Is CVE-2014-2928 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.