CVE-2015-7393

moderate-risk
Published 2016-01-12

dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.4/10 High
LOCAL / HIGH complexity

Affected Products (20)

Big-Ip Global Traffic Manager11.2.0

Affected Vendors

F5

References (6)

http://securitytracker.com/id/1034632
http://www.securitytracker.com/id/1034633
Vendor Advisory https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html
http://securitytracker.com/id/1034632
http://www.securitytracker.com/id/1034633
Vendor Advisory https://support.f5.com/kb/en-us/solutions/public/k/75/sol75136237.html
49
/ 100
moderate-risk
Severity 19/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 30/34 · Critical