CVE-2015-4637 — F5 Big-iq Cloud vulnerability

CWE-17 CWE-3103 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 40.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-iq ADC F5 Big-iq Cloud F5 Big-iq Device +1 more

Timeline

PublishedJul 16

Latest updateMay 17

Description

The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDf5/big-iq_cloud4.4.0, 4.5.0+1

▶NVDf5/big-iq_device4.4.0, 4.5.0+1

▶NVDf5/big-iq_security4.4.0, 4.5.0+1

▶NVDf5/big-iq_adc4.5.0

🔴Vulnerability Details

GHSA

GHSA-3p2c-v2vr-8p3x: The REST API in F5 BIG-IQ Cloud, Device, and Security 4↗2022-05-17

▶

CVEList

CVE-2015-4637: The REST API in F5 BIG-IQ Cloud, Device, and Security 4↗2015-07-16

▶