Back to search
CVE-2014-2927
Published: Oct 15, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15236.html
x_refsource_CONFIRM
34465
exploit
x_refsource_EXPLOIT-DB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now