Strix
26.1K

CVE-2015-7393

UnknownEPSS 0.34%

Last modified

CVE-2015-7393 is a vulnerability of currently unknown severity. dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.. EPSS estimates a 0.34% chance of exploitation in the next 30 days.

Description

dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.

Metrics

EPSS Probability
0.34%

25.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
F5Big-Iq Application Delivery Controller4.5.0
F5Big-Ip Application Security Manager11.2.0
F5Big-Ip Application Security Manager11.2.1
F5Big-Ip Application Security Manager11.3.0
F5Big-Ip Application Security Manager11.4.0
F5Big-Ip Application Security Manager11.4.1
F5Big-Ip Application Security Manager11.5.1
F5Big-Ip Application Security Manager11.6.0
F5Big-Ip Application Security Manager12.0.0
F5Big-Iq Security4.0.0
F5Big-Iq Security4.1.0
F5Big-Iq Security4.2.0
F5Big-Iq Security4.3.0
F5Big-Iq Security4.4.0
F5Big-Iq Security4.5.0
F5Big-Ip Wan Optimization Manager11.2.0
F5Big-Ip Wan Optimization Manager11.2.1
F5Big-Ip Wan Optimization Manager11.3.0
F5Big-Ip Global Traffic Manager11.2.1
F5Big-Ip Global Traffic Manager11.3.0
F5Big-Ip Global Traffic Manager11.4.0
F5Big-Ip Global Traffic Manager11.4.1
F5Big-Ip Global Traffic Manager11.5.1
F5Big-Ip Global Traffic Manager11.6.0
F5Big-Ip Global Traffic Manager11.2.0All versions
F5Big-Iq Centralized Management4.6.0
F5Big-Ip Analytics11.0.0
F5Big-Ip Analytics11.1.0
F5Big-Ip Analytics11.2.0
F5Big-Ip Analytics11.2.1
F5Big-Ip Analytics11.3.0
F5Big-Ip Analytics11.4.0
F5Big-Ip Analytics11.4.1
F5Big-Ip Analytics11.5.0
F5Big-Ip Analytics11.5.1
F5Big-Ip Analytics11.6.0
F5Big-Ip Analytics12.0.0
F5Big-Ip Advanced Firewall Manager11.3.0
F5Big-Ip Advanced Firewall Manager11.4.0
F5Big-Ip Advanced Firewall Manager11.4.1
F5Big-Ip Advanced Firewall Manager11.5.0
F5Big-Ip Advanced Firewall Manager11.5.1
F5Big-Ip Advanced Firewall Manager11.6.0
F5Big-Ip Advanced Firewall Manager12.0.0
F5Big-Ip Domain Name System12.0.0
F5Big-Ip Protocol Security Module11.2.0
F5Big-Ip Protocol Security Module11.2.1
F5Big-Ip Protocol Security Module11.3.0
F5Big-Ip Protocol Security Module11.4.0
F5Big-Ip Protocol Security Module11.4.1

Showing 50 of 96 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2015-7393?
dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP DNS 12.0.0 before 12.0.0 HF1, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0, BIG-IP GTM 11.2.0 through 11.6.0, BIG-IP PSM 11.2.0 through 11.4.1, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ Security 4.0.0 through 4.5.0, BIG-IQ ADC 4.5.0, BIG-IQ Centralized Management 4.6.0, and BIG-IQ Cloud and Orchestration 1.0.0 allows local users with advanced shell (bash) access to gain privileges via unspecified vectors.
How severe is CVE-2015-7393?
Severity scoring for CVE-2015-7393 is pending analysis. The EPSS model estimates a 0.34% probability of exploitation in the next 30 days.
How do I fix CVE-2015-7393?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-7393?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST