CVE-2015-8611

Loading...

General

Score:10.0/10.0
Severity:High
Category:Access Management Error

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Network
Access Complexity:Low
Authentication:None

Published on 12/01/16 - Updated on 14/01/16

Description

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password.

Category: Access Management Error

CWE-255 (Credentials Management)
Weaknesses in this category are related to the management of credentials.

Security Notices

US National Vulnerability DatabaseCVE-2015-8611

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
f5big-ip_access_policy_manager
f5big-ip_advanced_firewall_manager
f5big-ip_analytics
f5big-ip_application_acceleration_manager
f5big-ip_application_security_manager
f5big-ip_domain_name_system
f5big-ip_link_controller
f5big-ip_local_traffic_manager
f5big-ip_policy_enforcement_manager

Share this vulnerability with:

Twitter Facebook LinkedIn Mail