F5 Networks BIG-IP : ConfigSync IP Rsync full file system access vulnerability (K15236)

high Nessus Plugin ID 78167

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.
(CVE-2014-2927)

Impact

A remote unauthenticated user with access to the ConfigSync IP address may be allowed full read/write access to the file system. Exploitation of this vulnerability could lead to unauthenticated root access.

Solution

Upgrade to one of the non-vulnerable versions listed in the F5 Solution K15236.

See Also

https://support.f5.com/csp/article/K15236

Plugin Details

Severity: High

ID: 78167

File Name: f5_bigip_SOL15236.nasl

Version: 1.8

Type: local

Published: 10/10/2014

Updated: 3/10/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:f5:big-ip_access_policy_manager, cpe:/a:f5:big-ip_advanced_firewall_manager, cpe:/a:f5:big-ip_application_acceleration_manager, cpe:/a:f5:big-ip_application_security_manager, cpe:/a:f5:big-ip_application_visibility_and_reporting, cpe:/a:f5:big-ip_global_traffic_manager, cpe:/a:f5:big-ip_link_controller, cpe:/a:f5:big-ip_local_traffic_manager, cpe:/a:f5:big-ip_policy_enforcement_manager, cpe:/a:f5:big-ip_wan_optimization_manager, cpe:/a:f5:big-ip_webaccelerator, cpe:/h:f5:big-ip, cpe:/h:f5:big-ip_protocol_security_manager

Required KB Items: Host/local_checks_enabled, Settings/ParanoidReport, Host/BIG-IP/hotfix, Host/BIG-IP/modules, Host/BIG-IP/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/4/2015

Vulnerability Publication Date: 10/15/2014

Reference Information

CVE: CVE-2014-2927

BID: 69461