Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-2928

CWE-13417 documents7 sources
Severity
7.1HIGH
EPSS
64.6%
top 1.54%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
9
F5 Big-ip Access Policy ManagerF5 Big-ip Application Security ManagerF5 Big-ip Edge Gateway+6 more
Timeline
PublishedMay 12
Latest updateJan 13

Description

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 10.1.0 through 10.2.4 and 11.0.0 through 11.3.0, Enterprise Manager 2.1.0 through 2.3.0 and 3.0.0 through 3.1.1, and BIG-IQ Cloud, Device, and Security 4.0.0 through 4.3.0 allows remote administrators to execute arbitra

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages9 packages

NVDf5/big-ip_edge_gateway5 versions+4
NVDf5/big-ip_link_controller7 versions+6
NVDf5/big-ip_webaccelerator22 versions+21

🔴Vulnerability Details

3
OSV
team: fix check for port enabled in team_queue_override_port_prio_changed()2026-01-13
GHSA
GHSA-2ggw-q935-g2j9: The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 102022-05-17
CVEList
CVE-2014-2928: The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 102014-05-12

💥Exploits & PoCs

1
Exploit-DB
F5 iControl - Remote Command Execution (Metasploit)2014-10-09