SecuritySpace - CVE-2014-2927

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

CVE ID: CVE-2014-2927

Description: The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.

Test IDs: 1.3.6.1.4.1.25623.1.0.105306 1.3.6.1.4.1.25623.1.0.105172

Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2014-2927
http://www.exploit-db.com/exploits/34465
http://www.security-assessment.com/files/documents/advisory/F5_Unauthenticated_rsync_access_to_Remote_Root_Code_Execution.pdf

CVE ID:	CVE-2014-2927
Description:	The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.
Test IDs:	1.3.6.1.4.1.25623.1.0.105306 1.3.6.1.4.1.25623.1.0.105172
Cross References:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2927 http://www.exploit-db.com/exploits/34465 http://www.security-assessment.com/files/documents/advisory/F5_Unauthenticated_rsync_access_to_Remote_Root_Code_Execution.pdf