 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.105506 |
| Category: | F5 Local Security Checks |
| Title: | F5 BIG-IP - Privilege escalation vulnerability CVE-2015-7393 |
| Summary: | The remote host is missing a security patch. |
| Description: | Summary: The remote host is missing a security patch. Vulnerability Insight: The dcoep executable as shipped with BIG-IP versions 11.2.0 through 12.0.0 allows a local privilege escalation via undisclosed vectors to an authenticated local user. Vulnerability Impact: A locally authenticated user with advanced shell (bash) access may be able to escalate privileges and gain administrative access. However, in order for a lower privilege user to exploit this vulnerability, the user account would need to be granted advanced shell (bash) access through manual modification of the Linux configuration files. This configuration is not supported on the affected F5 platforms. Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-7393 http://securitytracker.com/id/1034632 http://www.securitytracker.com/id/1034633 |
| Copyright | Copyright (C) 2016 Greenbone AG |
| This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |