U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2015-3628

Change History

Modified Analysis by NIST 12/08/2015 4:03:54 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
Configuration 1
     OR
          *cpe:2.3:a:f5:big-iq_security:4.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-iq_security:4.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-iq_security:4.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-iq_security:4.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*
Configuration 2
     OR
          *cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*
Configuration 3
     OR
          *cpe:2.3:a:f5:big-ip_wan_optimization_manager:11.3.0:*:*:*:*:*:*:*
Configuration 4
     OR
          *cpe:2.3:a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*
Configuration 5
     OR
          *cpe:2.3:a:f5:big-ip_application_security_manager:11.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_security_manager:11.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_security_manager:11.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*
Configuration 6
     OR
          *cpe:2.3:a:f5:big-ip_global_traffic_manager:11.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_global_traffic_manager:11.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_global_traffic_manager:11.5.3:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*
Configuration 7
     OR
          *cpe:2.3:a:f5:big-iq_device:4.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-iq_device:4.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*
Configuration 8
     OR
          *cpe:2.3:a:f5:big-ip_edge_gateway:11.3.0:*:*:*:*:*:*:*
Configuration 9
     OR
          *cpe:2.3:a:f5:big-ip_local_traffic_manager:11.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_local_traffic_manager:11.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*
Configuration 10
     OR
          *cpe:2.3:a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_access_policy_manager:11.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*
Configuration 11
     OR
          *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*
Configuration 12
     OR
          *cpe:2.3:a:f5:big-iq_cloud:4.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-iq_cloud:4.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-iq_cloud:4.2.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-iq_cloud:4.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*
Configuration 13
     OR
          *cpe:2.3:a:f5:big-ip_analytics:11.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_analytics:11.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_analytics:11.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_analytics:11.5.3:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*
Configuration 14
     OR
          *cpe:2.3:h:f5:big-ip_protocol_security_manager:11.3.0:*:*:*:*:*:*:*
          *cpe:2.3:h:f5:big-ip_protocol_security_manager:11.4.0:*:*:*:*:*:*:*
          *cpe:2.3:h:f5:big-ip_protocol_security_manager:11.4.1:*:*:*:*:*:*:*
Configuration 15
     OR
          *cpe:2.3:a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:*
Configuration 16
     OR
          *cpe:2.3:a:f5:big-ip_link_controller:11.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_link_controller:11.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_link_controller:11.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_link_controller:11.5.3:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*
Configuration 17
     OR
          *cpe:2.3:a:f5:big-ip_enterprise_manager:3.0.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_enterprise_manager:3.1.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_enterprise_manager:3.1.1:*:*:*:*:*:*:*
Configuration 18
     OR
          *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.4.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*
          *cpe:2.3:a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Added CWE

								
							
							
						
CWE-264
Changed Reference Type
http://packetstormsecurity.com/files/134434/F5-iControl-iCall-Script-Root-Command-Execution.html No Types Assigned
http://packetstormsecurity.com/files/134434/F5-iControl-iCall-Script-Root-Command-Execution.html Exploit
Changed Reference Type
http://www.rapid7.com/db/modules/exploit/linux/http/f5_icall_cmd No Types Assigned
http://www.rapid7.com/db/modules/exploit/linux/http/f5_icall_cmd Exploit
Changed Reference Type
https://support.f5.com/kb/en-us/solutions/public/16000/700/sol16728.html No Types Assigned
https://support.f5.com/kb/en-us/solutions/public/16000/700/sol16728.html Advisory