What is CVE-2015-8611?

CVE-2015-8611 is a critical-severity vulnerability in F5 Big-ip_access_policy_manager, classified under CWE-255. CVSS score: 9.8/10. Published 2016-01-12.

How severe is CVE-2015-8611?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2015-8611 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in F5 Big-ip_access_policy_manager

CVE-2015-8611

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow r…

EPSS: 0.036 (88.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

F5 Big-ip_access_policy_manager — versions 12.0.0
F5 Big-ip_advanced_firewall_manager — versions 12.0.0
F5 Big-ip_analytics — versions 12.0.0
F5 Big-ip_application_acceleration_manager — versions 12.0.0
F5 Big-ip_application_security_manager — versions 12.0.0
F5 Big-ip_domain_name_system — versions 12.0.0
F5 Big-ip_link_controller — versions 12.0.0
F5 Big-ip_local_traffic_manager — versions 12.0.0
F5 Big-ip_policy_enforcement_manager — versions 12.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-255

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
1034629 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-8611?: CVE-2015-8611 is a critical-severity vulnerability in F5 Big-ip_access_policy_manager, classified under CWE-255. CVSS score: 9.8/10. Published 2016-01-12.
How severe is CVE-2015-8611?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2015-8611 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.