What is the severity of CVE-2015-4637?

CVE-2015-4637 is considered a high severity vulnerability due to its potential for remote exploitation and unauthorized access.

How do I fix CVE-2015-4637?

To mitigate CVE-2015-4637, ensure that your F5 BIG-IQ devices are updated to at least version 4.5.0 HF2 or 4.4.0 HF2 to disable anonymous BIND operations.

What systems are affected by CVE-2015-4637?

CVE-2015-4637 affects F5 BIG-IQ Cloud, Device, and Security versions 4.4.0 and 4.5.0 before HF2.

Can CVE-2015-4637 allow unauthorized access?

Yes, CVE-2015-4637 can allow remote attackers to obtain an authentication token for arbitrary users if the LDAP server permits anonymous BIND operations.

What should I do if I cannot update to a secure version for CVE-2015-4637?

If unable to update, consider disabling LDAP authentication or enforcing restrictions on anonymous BIND operations as a temporary workaround for CVE-2015-4637.

Vulnerability/
CVE-2015-4637

medium

4.3

CWE

17 310

16/7/2015

6/8/2024

CVE-2015-4637

First published: Thu Jul 16 2015(Updated: )

The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND operations, allows remote attackers to obtain an authentication token for arbitrary users by guessing an LDAP user account name.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
F5 BIG-IQ Application Delivery Controller	=4.5.0
F5 BIG-IQ Cloud and Orchestration	=4.4.0
F5 BIG-IQ Cloud and Orchestration	=4.5.0
F5 BIG-IQ Device	=4.4.0
F5 BIG-IQ Device	=4.5.0
F5 BIG-IQ Security	=4.4.0
F5 BIG-IQ Security	=4.5.0

Never miss a vulnerability like this again

Reference Links

https://support.f5.com/kb/en-us/solutions/public/16000/800/sol16861.html

Frequently Asked Questions

What is the severity of CVE-2015-4637?
CVE-2015-4637 is considered a high severity vulnerability due to its potential for remote exploitation and unauthorized access.
How do I fix CVE-2015-4637?
To mitigate CVE-2015-4637, ensure that your F5 BIG-IQ devices are updated to at least version 4.5.0 HF2 or 4.4.0 HF2 to disable anonymous BIND operations.
What systems are affected by CVE-2015-4637?
CVE-2015-4637 affects F5 BIG-IQ Cloud, Device, and Security versions 4.4.0 and 4.5.0 before HF2.
Can CVE-2015-4637 allow unauthorized access?
Yes, CVE-2015-4637 can allow remote attackers to obtain an authentication token for arbitrary users if the LDAP server permits anonymous BIND operations.
What should I do if I cannot update to a secure version for CVE-2015-4637?
If unable to update, consider disabling LDAP authentication or enforcing restrictions on anonymous BIND operations as a temporary workaround for CVE-2015-4637.

agent/type
agent/weakness
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/references
agent/description
agent/event
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/f5
canonical/f5 big-iq application delivery controller
version/f5 big-iq application delivery controller/4.5.0
canonical/f5 big-iq cloud and orchestration
version/f5 big-iq cloud and orchestration/4.4.0
version/f5 big-iq cloud and orchestration/4.5.0
canonical/f5 big-iq device
version/f5 big-iq device/4.4.0
version/f5 big-iq device/4.5.0
canonical/f5 big-iq security
version/f5 big-iq security/4.4.0
version/f5 big-iq security/4.5.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.