Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-3220F5 Big-iq vulnerability

CWE-2554 documents4 sources
Severity
9.0CRITICALNVD
EPSS
31.9%
top 3.19%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
F5 Big-iq
Timeline
PublishedMay 5
Latest updateMay 17

Description

F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages1 packages

NVDf5/big-iq4.1.0.2013.0

🔴Vulnerability Details

2
GHSA
GHSA-f77m-92x8-hvjr: F5 BIG-IQ Cloud and Security 42022-05-17
CVEList
CVE-2014-3220: F5 BIG-IQ Cloud and Security 42014-05-05

💥Exploits & PoCs

1
Exploit-DB
F5 BIG-IQ 4.1.0.2013.0 - Privilege Escalation (Metasploit)2014-05-02
CVE-2014-3220 — F5 Big-iq vulnerability | cvebase