Test Kennung:	1.3.6.1.4.1.25623.1.0.105347
Kategorie:	F5 Local Security Checks
Titel:	F5 BIG-IP - iCall privilege escalation vulnerability CVE-2015-3628
Zusammenfassung:	F5 BIG-IP is prone to a privilege escalation vulnerability
Beschreibung:	Summary: F5 BIG-IP is prone to a privilege escalation vulnerability Vulnerability Insight: An authenticated user, with Resource Administrator role permissions, is able to use iCall scripts and associated handlers to create and modify user account properties. Vulnerability Impact: An authenticated user with limited access (Resource Administration) may be able to escalate privileges and gain administrative access. Solution: See the referenced vendor advisory for a solution. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2015-3628 https://www.exploit-db.com/exploits/38764/ http://packetstormsecurity.com/files/134434/F5-iControl-iCall-Script-Root-Command-Execution.html http://www.rapid7.com/db/modules/exploit/linux/http/f5_icall_cmd https://gdssecurity.squarespace.com/labs/2015/9/8/f5-icallscript-privilege-escalation-cve-2015-3628.html http://www.securitytracker.com/id/1034306 http://www.securitytracker.com/id/1034307
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.