Intrusion Prevention

F5.iControl.Remote.Root.Command.Injection

Description

This indicates an attack attempt to exploit a Code Injection Vulnerability in F5 iControl module.
The vulnerability is due to an insufficient input validation error when the vulnerable module handles a crafted SOAP request. A remote attacker could exploit this to execute arbitrary code within the context of target application, via a crafted SOAP request.

Affected Products

F5 BIG-IP LTM 11.0.0 - 11.5.1
F5 BIG-IP AAM 11.4.0 - 11.5.1
F5 BIG-IP AFM 11.3.0 - 11.5.1
F5 BIG-IP Analytics 11.0.0 - 11.5.1
F5 BIG-IP APM 11.0.0 - 11.5.1
F5 BIG-IP ASM 11.0.0 - 11.5.1
F5 BIG-IP Edge Gateway 11.0.0 - 11.3.0
F5 BIG-IP GTM 11.0.0 - 11.5.1
F5 BIG-IP Link Controller 11.0.0 - 11.5.1
F5 BIG-IP PEM 11.3.0 - 11.5.1
F5 BIG-IP PSM 11.0.0 - 11.4.1
F5 BIG-IP WebAccelerator 11.0.0 - 11.3.0
F5 BIG-IP WOM 11.0.0 - 11.3.0
F5 Enterprise Manager 3.0.0 - 3.1.1
F5 BIG-IQ Cloud 4.0.0 - 4.3.0
F5 BIG-IQ Device 4.2.0 - 4.3.0
F5 BIG-IQ Security 4.0.0 - 4.3.0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Refer to the vendor's website for suggested workaround.
http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15220.html

CVE References

CVE-2014-2928