Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-8727 — Path Traversal in F5 Big-ip Local Traffic Manager

CWE-22 — Path Traversal3 documents3 sources

Severity

6.2MEDIUMNVD

EPSS

0.2%

top 62.63%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

F5 Big-ip Local Traffic Manager

Timeline

PublishedNov 17

Latest updateMay 17

Description

Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form.

CVSS vector

AV:L/AC:L/C:N/I:C/A:CExploitability: 3.1 | Impact: 9.2

Affected Packages1 packages

▶NVDf5/big-ip_local_traffic_manager10.2.1

🔴Vulnerability Details

GHSA

GHSA-598q-2q8q-vp87: Multiple directory traversal vulnerabilities in F5 BIG-IP before 10↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

F5 BIG-IP 10.1.0 - Directory Traversal↗2014-11-13

▶