CVE-2014-2927

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 11.2.1 through 11.6.0 before 11.6.0 F5 BIG-IP version 11.5.1 before HF3 F5 BIG-IP version 11.5.0 before HF4 F5 BIG-IP version 11.4.1 before HF4 F5 BIG-IP version 11.4.0 before HF7 F5 BIG-IP version 11.3.0 before HF9 F5 BIG-IP version 11.2.1 before HF11 Enterprise Manager versions 3.x before 3.1.1 HF2

Description The issue allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address, due to the lack of authentication requirement in the rsync daemon when configured in failover mode.

Recommendations For F5 BIG-IP versions 11.2.1 through 11.6.0 before 11.6.0, update to version 11.6.0 or later. For F5 BIG-IP version 11.5.1 before HF3, apply Hotfix 3. For F5 BIG-IP version 11.5.0 before HF4, apply Hotfix 4. For F5 BIG-IP version 11.4.1 before HF4, apply Hotfix 4. For F5 BIG-IP version 11.4.0 before HF7, apply Hotfix 7. For F5 BIG-IP version 11.3.0 before HF9, apply Hotfix 9. For F5 BIG-IP version 11.2.1 before HF11, apply Hotfix 11. For Enterprise Manager versions 3.x before 3.1.1 HF2, update to version 3.1.1 HF2 or later. As a temporary workaround, consider restricting access to the ConfigSync IP address to minimize the risk of exploitation.