CVE-2015-7393
First published: Tue Jan 12 2016(Updated: )
dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 BIG-IQ Application Delivery Controller | =4.5.0 | |
| F5 Application Security Manager | =11.2.0 | |
| F5 Application Security Manager | =11.2.1 | |
| F5 Application Security Manager | =11.3.0 | |
| F5 Application Security Manager | =11.4.0 | |
| F5 Application Security Manager | =11.4.1 | |
| F5 Application Security Manager | =11.5.1 | |
| F5 Application Security Manager | =11.6.0 | |
| F5 Application Security Manager | =12.0.0 | |
| F5 BIG-IQ Security | =4.0.0 | |
| F5 BIG-IQ Security | =4.1.0 | |
| F5 BIG-IQ Security | =4.2.0 | |
| F5 BIG-IQ Security | =4.3.0 | |
| F5 BIG-IQ Security | =4.4.0 | |
| F5 BIG-IQ Security | =4.5.0 | |
| Exinda WAN Optimization Suite | =11.2.0 | |
| Exinda WAN Optimization Suite | =11.2.1 | |
| Exinda WAN Optimization Suite | =11.3.0 | |
| Riverbed SteelApp Traffic Manager | =11.2.1 | |
| Riverbed SteelApp Traffic Manager | =11.3.0 | |
| Riverbed SteelApp Traffic Manager | =11.4.0 | |
| Riverbed SteelApp Traffic Manager | =11.4.1 | |
| Riverbed SteelApp Traffic Manager | =11.5.1 | |
| Riverbed SteelApp Traffic Manager | =11.6.0 | |
| Riverbed SteelApp Traffic Manager | ||
| F5 BIG-IP and BIG-IQ Centralized Management | =4.6.0 | |
| F5 BIG-IP Analytics | =11.0.0 | |
| F5 BIG-IP Analytics | =11.1.0 | |
| F5 BIG-IP Analytics | =11.2.0 | |
| F5 BIG-IP Analytics | =11.2.1 | |
| F5 BIG-IP Analytics | =11.3.0 | |
| F5 BIG-IP Analytics | =11.4.0 | |
| F5 BIG-IP Analytics | =11.4.1 | |
| F5 BIG-IP Analytics | =11.5.0 | |
| F5 BIG-IP Analytics | =11.5.1 | |
| F5 BIG-IP Analytics | =11.6.0 | |
| F5 BIG-IP Analytics | =12.0.0 | |
| F5 BIG-IP Advanced Firewall Manager | =11.3.0 | |
| F5 BIG-IP Advanced Firewall Manager | =11.4.0 | |
| F5 BIG-IP Advanced Firewall Manager | =11.4.1 | |
| F5 BIG-IP Advanced Firewall Manager | =11.5.0 | |
| F5 BIG-IP Advanced Firewall Manager | =11.5.1 | |
| F5 BIG-IP Advanced Firewall Manager | =11.6.0 | |
| F5 BIG-IP Advanced Firewall Manager | =12.0.0 | |
| F5 BIG-IP | =12.0.0 | |
| F5 BIG-IP Protocol Security Manager | =11.2.0 | |
| F5 BIG-IP Protocol Security Manager | =11.2.1 | |
| F5 BIG-IP Protocol Security Manager | =11.3.0 | |
| F5 BIG-IP Protocol Security Manager | =11.4.0 | |
| F5 BIG-IP Protocol Security Manager | =11.4.1 | |
| F5 BIG-IQ Cloud and Orchestration | =4.0.0 | |
| F5 BIG-IQ Cloud and Orchestration | =4.1.0 | |
| F5 BIG-IQ Cloud and Orchestration | =4.2.0 | |
| F5 BIG-IQ Cloud and Orchestration | =4.3.0 | |
| F5 BIG-IQ Cloud and Orchestration | =4.4.0 | |
| F5 BIG-IQ Cloud and Orchestration | =4.5.0 | |
| F5 BIG-IQ Cloud and Orchestration | =1.0.0 | |
| F5 BIG-IP Policy Enforcement Manager | =11.3.0 | |
| F5 BIG-IP Policy Enforcement Manager | =11.4.0 | |
| F5 BIG-IP Policy Enforcement Manager | =11.4.1 | |
| F5 BIG-IP Policy Enforcement Manager | =11.5.0 | |
| F5 BIG-IP Policy Enforcement Manager | =11.5.1 | |
| F5 BIG-IP Policy Enforcement Manager | =11.6.0 | |
| F5 BIG-IP Policy Enforcement Manager | =12.0.0 | |
| F5 Access Policy Manager | =11.2.0 | |
| F5 Access Policy Manager | =11.2.1 | |
| F5 Access Policy Manager | =11.3.0 | |
| F5 Access Policy Manager | =11.4.0 | |
| F5 Access Policy Manager | =11.5.0 | |
| F5 Access Policy Manager | =11.5.1 | |
| F5 Access Policy Manager | =11.6.0 | |
| F5 Access Policy Manager | =12.0.0 | |
| F5 BIG-IP Application Acceleration Manager | =11.4.0 | |
| F5 BIG-IP Application Acceleration Manager | =11.4.1 | |
| F5 BIG-IP Application Acceleration Manager | =11.5.0 | |
| F5 BIG-IP Application Acceleration Manager | =11.5.1 | |
| F5 BIG-IP Application Acceleration Manager | =11.6.0 | |
| F5 BIG-IP Application Acceleration Manager | =12.0.0 | |
| F5 BIG-IP Edge Gateway | =11.2.0 | |
| F5 BIG-IP Edge Gateway | =11.2.1 | |
| F5 BIG-IP Edge Gateway | =11.3.0 | |
| F5 BIG-IQ Device | =4.2.0 | |
| F5 BIG-IQ Device | =4.3.0 | |
| F5 BIG-IQ Device | =4.4.0 | |
| F5 BIG-IQ Device | =4.5.0 | |
| Riverbed SteelApp Traffic Manager | =11.2.0 | |
| Riverbed SteelApp Traffic Manager | =11.2.1 | |
| Riverbed SteelApp Traffic Manager | =11.3.0 | |
| Riverbed SteelApp Traffic Manager | =11.4.0 | |
| Riverbed SteelApp Traffic Manager | =11.4.1 | |
| Riverbed SteelApp Traffic Manager | =11.5.1 | |
| Riverbed SteelApp Traffic Manager | =11.6.0 | |
| Riverbed SteelApp Traffic Manager | =12.0.0 | |
| F5 BIG-IP WebAccelerator | =11.2.0 | |
| F5 BIG-IP WebAccelerator | =11.2.1 | |
| F5 BIG-IP WebAccelerator | =11.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-7393?
CVE-2015-7393 is classified as a high-severity vulnerability due to its potential to allow unauthorized access to sensitive data.
What products are affected by CVE-2015-7393?
CVE-2015-7393 affects various versions of F5 BIG-IP components, including LTM, APM, ASM, and others between versions 11.2.0 and 12.0.0 before HF1.
How do I fix CVE-2015-7393?
To resolve CVE-2015-7393, it is recommended to upgrade all affected F5 BIG-IP products to the latest version or apply the appropriate hotfix as provided by F5.
Can CVE-2015-7393 be exploited remotely?
Yes, CVE-2015-7393 can be exploited remotely, making it critical to patch affected systems as soon as possible.
What types of attacks are possible due to CVE-2015-7393?
CVE-2015-7393 could allow attackers to perform unauthorized actions, potentially leading to data breaches or service disruptions.
- agent/type
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- vendor/f5
- canonical/f5 big-iq application delivery controller
- version/f5 big-iq application delivery controller/4.5.0
- canonical/f5 application security manager
- version/f5 application security manager/11.2.0
- version/f5 application security manager/11.2.1
- version/f5 application security manager/11.3.0
- version/f5 application security manager/11.4.0
- version/f5 application security manager/11.4.1
- version/f5 application security manager/11.5.1
- version/f5 application security manager/11.6.0
- version/f5 application security manager/12.0.0
- canonical/f5 big-iq security
- version/f5 big-iq security/4.0.0
- version/f5 big-iq security/4.1.0
- version/f5 big-iq security/4.2.0
- version/f5 big-iq security/4.3.0
- version/f5 big-iq security/4.4.0
- version/f5 big-iq security/4.5.0
- canonical/exinda wan optimization suite
- version/exinda wan optimization suite/11.2.0
- version/exinda wan optimization suite/11.2.1
- version/exinda wan optimization suite/11.3.0
- canonical/riverbed steelapp traffic manager
- version/riverbed steelapp traffic manager/11.2.1
- version/riverbed steelapp traffic manager/11.3.0
- version/riverbed steelapp traffic manager/11.4.0
- version/riverbed steelapp traffic manager/11.4.1
- version/riverbed steelapp traffic manager/11.5.1
- version/riverbed steelapp traffic manager/11.6.0
- canonical/f5 big-ip and big-iq centralized management
- version/f5 big-ip and big-iq centralized management/4.6.0
- canonical/f5 big-ip analytics
- version/f5 big-ip analytics/11.0.0
- version/f5 big-ip analytics/11.1.0
- version/f5 big-ip analytics/11.2.0
- version/f5 big-ip analytics/11.2.1
- version/f5 big-ip analytics/11.3.0
- version/f5 big-ip analytics/11.4.0
- version/f5 big-ip analytics/11.4.1
- version/f5 big-ip analytics/11.5.0
- version/f5 big-ip analytics/11.5.1
- version/f5 big-ip analytics/11.6.0
- version/f5 big-ip analytics/12.0.0
- canonical/f5 big-ip advanced firewall manager
- version/f5 big-ip advanced firewall manager/11.3.0
- version/f5 big-ip advanced firewall manager/11.4.0
- version/f5 big-ip advanced firewall manager/11.4.1
- version/f5 big-ip advanced firewall manager/11.5.0
- version/f5 big-ip advanced firewall manager/11.5.1
- version/f5 big-ip advanced firewall manager/11.6.0
- version/f5 big-ip advanced firewall manager/12.0.0
- canonical/f5 big-ip
- version/f5 big-ip/12.0.0
- canonical/f5 big-ip protocol security manager
- version/f5 big-ip protocol security manager/11.2.0
- version/f5 big-ip protocol security manager/11.2.1
- version/f5 big-ip protocol security manager/11.3.0
- version/f5 big-ip protocol security manager/11.4.0
- version/f5 big-ip protocol security manager/11.4.1
- canonical/f5 big-iq cloud and orchestration
- version/f5 big-iq cloud and orchestration/4.0.0
- version/f5 big-iq cloud and orchestration/4.1.0
- version/f5 big-iq cloud and orchestration/4.2.0
- version/f5 big-iq cloud and orchestration/4.3.0
- version/f5 big-iq cloud and orchestration/4.4.0
- version/f5 big-iq cloud and orchestration/4.5.0
- version/f5 big-iq cloud and orchestration/1.0.0
- canonical/f5 big-ip policy enforcement manager
- version/f5 big-ip policy enforcement manager/11.3.0
- version/f5 big-ip policy enforcement manager/11.4.0
- version/f5 big-ip policy enforcement manager/11.4.1
- version/f5 big-ip policy enforcement manager/11.5.0
- version/f5 big-ip policy enforcement manager/11.5.1
- version/f5 big-ip policy enforcement manager/11.6.0
- version/f5 big-ip policy enforcement manager/12.0.0
- canonical/f5 access policy manager
- version/f5 access policy manager/11.2.0
- version/f5 access policy manager/11.2.1
- version/f5 access policy manager/11.3.0
- version/f5 access policy manager/11.4.0
- version/f5 access policy manager/11.5.0
- version/f5 access policy manager/11.5.1
- version/f5 access policy manager/11.6.0
- version/f5 access policy manager/12.0.0
- canonical/f5 big-ip application acceleration manager
- version/f5 big-ip application acceleration manager/11.4.0
- version/f5 big-ip application acceleration manager/11.4.1
- version/f5 big-ip application acceleration manager/11.5.0
- version/f5 big-ip application acceleration manager/11.5.1
- version/f5 big-ip application acceleration manager/11.6.0
- version/f5 big-ip application acceleration manager/12.0.0
- canonical/f5 big-ip edge gateway
- version/f5 big-ip edge gateway/11.2.0
- version/f5 big-ip edge gateway/11.2.1
- version/f5 big-ip edge gateway/11.3.0
- canonical/f5 big-iq device
- version/f5 big-iq device/4.2.0
- version/f5 big-iq device/4.3.0
- version/f5 big-iq device/4.4.0
- version/f5 big-iq device/4.5.0
- version/riverbed steelapp traffic manager/11.2.0
- version/riverbed steelapp traffic manager/12.0.0
- canonical/f5 big-ip webaccelerator
- version/f5 big-ip webaccelerator/11.2.0
- version/f5 big-ip webaccelerator/11.2.1
- version/f5 big-ip webaccelerator/11.3.0