Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-4040

CWE-22 — Path Traversal4 documents4 sources

Severity

4.0MEDIUM

EPSS

6.8%

top 8.68%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +11 more

Timeline

PublishedSep 17

Latest updateMay 17

Description

Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages14 packages

▶NVDf5/big-ip_access_policy_manager11.6.0

▶NVDf5/enterprise_manager3.0.0, 3.1.0, 3.1.1+2

▶NVDf5/big-ip_local_traffic_manager11.6.0

▶NVDf5/big-ip_global_traffic_manager11.3.0

▶NVDf5/big-ip_wan_optimization_manager11.3.0

🔴Vulnerability Details

GHSA

GHSA-pr85-mf4f-rm29: Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12↗2022-05-17

▶

CVEList

CVE-2015-4040: Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12↗2015-09-17

▶

💥Exploits & PoCs

Exploit-DB

F5 Big-IP 10.2.4 Build 595.0 Hotfix HF3 - Directory Traversal↗2015-10-13

▶