Vulnerability Name:

CVE-2015-3628 (CCN-106721)

Assigned:2015-09-28
Published:2015-09-28
Updated:2019-06-06
Summary:The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0, BIG-IP GTM 11.3.0 before 11.6.0 HF6, BIG-IP PSM 11.3.0 through 11.4.1, Enterprise Manager 3.1.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote authenticated users with the "Resource Administrator" role to gain privileges via an iCall (1) script or (2) handler in a SOAP request to iControl/iControlPortal.cgi.
CVSS v3 Severity:8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
8.2 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-264
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2015-3628

Source: MISC
Type: Exploit
http://packetstormsecurity.com/files/134434/F5-iControl-iCall-Script-Root-Command-Execution.html

Source: MISC
Type: Exploit
http://www.rapid7.com/db/modules/exploit/linux/http/f5_icall_cmd

Source: SECTRACK
Type: UNKNOWN
1034306

Source: SECTRACK
Type: UNKNOWN
1034307

Source: XF
Type: UNKNOWN
f5-icall-cve20153628-priv-esc(106721)

Source: MISC
Type: UNKNOWN
https://gdssecurity.squarespace.com/labs/2015/9/8/f5-icallscript-privilege-escalation-cve-2015-3628.html

Source: CCN
Type: Packet Storm Security [11-19-2015]
F5 iControl iCall::Script Root Command Execution

Source: CCN
Type: F5 Security Advisory sol16728
iCall privilege escalation vulnerability CVE-2015-3628

Source: CONFIRM
Type: Vendor Advisory
https://support.f5.com/kb/en-us/solutions/public/16000/700/sol16728.html

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [11-19-2015]

Source: EXPLOIT-DB
Type: UNKNOWN
38764

Vulnerable Configuration:Configuration 1:
  • cpe:/a:f5:big-iq_security:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_security:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_security:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_security:4.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_security:4.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_security:4.5.0:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:f5:big-ip_application_acceleration_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_acceleration_manager:11.6.0:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/a:f5:big-ip_wan_optimization_manager:11.3.0:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/a:f5:big-iq_adc:4.5.0:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/a:f5:big-ip_application_security_manager:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_application_security_manager:11.6.0:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/a:f5:big-ip_global_traffic_manager:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_global_traffic_manager:11.6.0:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/a:f5:big-iq_device:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_device:4.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_device:4.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_device:4.5.0:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/a:f5:big-ip_edge_gateway:11.3.0:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/a:f5:big-ip_local_traffic_manager:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/a:f5:big-ip_access_policy_manager:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.6.0:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/a:f5:big-ip_policy_enforcement_manager:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_policy_enforcement_manager:11.6.0:*:*:*:*:*:*:*

    • Configuration 12:
  • cpe:/a:f5:big-iq_cloud:4.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_cloud:4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_cloud:4.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_cloud:4.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_cloud:4.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-iq_cloud:4.5.0:*:*:*:*:*:*:*

    • Configuration 13:
  • cpe:/a:f5:big-ip_analytics:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_analytics:11.6.0:*:*:*:*:*:*:*

    • Configuration 14:
  • cpe:/a:f5:big-ip_protocol_security_module:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_protocol_security_module:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_protocol_security_module:11.4.1:*:*:*:*:*:*:*

    • Configuration 15:
  • cpe:/a:f5:big-ip_webaccelerator:11.3.0:*:*:*:*:*:*:*

    • Configuration 16:
  • cpe:/a:f5:big-ip_link_controller:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*

    • Configuration 17:
  • cpe:/a:f5:big-ip_enterprise_manager:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_enterprise_manager:3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_enterprise_manager:3.1.1:*:*:*:*:*:*:*

    • Configuration 18:
  • cpe:/a:f5:big-ip_advanced_firewall_manager:11.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_advanced_firewall_manager:11.6.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:f5:big-ip_local_traffic_manager:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_access_policy_manager:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:f5:big-ip_local_traffic_manager:11.3.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    f5 big-iq security 4.0.0
    f5 big-iq security 4.1.0
    f5 big-iq security 4.2.0
    f5 big-iq security 4.3.0
    f5 big-iq security 4.4.0
    f5 big-iq security 4.5.0
    f5 big-ip application acceleration manager 11.4.0
    f5 big-ip application acceleration manager 11.4.1
    f5 big-ip application acceleration manager 11.5.0
    f5 big-ip application acceleration manager 11.5.1
    f5 big-ip application acceleration manager 11.5.2
    f5 big-ip application acceleration manager 11.5.3
    f5 big-ip application acceleration manager 11.6.0
    f5 big-ip wan optimization manager 11.3.0
    f5 big-iq adc 4.5.0
    f5 big-ip application security manager 11.3.0
    f5 big-ip application security manager 11.4.0
    f5 big-ip application security manager 11.4.1
    f5 big-ip application security manager 11.5.0
    f5 big-ip application security manager 11.5.1
    f5 big-ip application security manager 11.5.2
    f5 big-ip application security manager 11.5.3
    f5 big-ip application security manager 11.6.0
    f5 big-ip global traffic manager 11.3.0
    f5 big-ip global traffic manager 11.4.0
    f5 big-ip global traffic manager 11.4.1
    f5 big-ip global traffic manager 11.5.0
    f5 big-ip global traffic manager 11.5.1
    f5 big-ip global traffic manager 11.5.2
    f5 big-ip global traffic manager 11.5.3
    f5 big-ip global traffic manager 11.6.0
    f5 big-iq device 4.2.0
    f5 big-iq device 4.3.0
    f5 big-iq device 4.4.0
    f5 big-iq device 4.5.0
    f5 big-ip edge gateway 11.3.0
    f5 big-ip local traffic manager 11.3.0
    f5 big-ip local traffic manager 11.4.0
    f5 big-ip local traffic manager 11.4.1
    f5 big-ip local traffic manager 11.5.0
    f5 big-ip local traffic manager 11.5.1
    f5 big-ip local traffic manager 11.5.2
    f5 big-ip local traffic manager 11.5.3
    f5 big-ip local traffic manager 11.6.0
    f5 big-ip access policy manager 11.3.0
    f5 big-ip access policy manager 11.4.0
    f5 big-ip access policy manager 11.4.1
    f5 big-ip access policy manager 11.5.0
    f5 big-ip access policy manager 11.5.1
    f5 big-ip access policy manager 11.5.2
    f5 big-ip access policy manager 11.5.3
    f5 big-ip access policy manager 11.6.0
    f5 big-ip policy enforcement manager 11.3.0
    f5 big-ip policy enforcement manager 11.4.0
    f5 big-ip policy enforcement manager 11.4.1
    f5 big-ip policy enforcement manager 11.5.0
    f5 big-ip policy enforcement manager 11.5.1
    f5 big-ip policy enforcement manager 11.5.2
    f5 big-ip policy enforcement manager 11.5.3
    f5 big-ip policy enforcement manager 11.6.0
    f5 big-iq cloud 4.0.0
    f5 big-iq cloud 4.1.0
    f5 big-iq cloud 4.2.0
    f5 big-iq cloud 4.3.0
    f5 big-iq cloud 4.4.0
    f5 big-iq cloud 4.5.0
    f5 big-ip analytics 11.3.0
    f5 big-ip analytics 11.4.0
    f5 big-ip analytics 11.4.1
    f5 big-ip analytics 11.5.0
    f5 big-ip analytics 11.5.1
    f5 big-ip analytics 11.5.2
    f5 big-ip analytics 11.5.3
    f5 big-ip analytics 11.6.0
    f5 big-ip protocol security module 11.3.0
    f5 big-ip protocol security module 11.4.0
    f5 big-ip protocol security module 11.4.1
    f5 big-ip webaccelerator 11.3.0
    f5 big-ip link controller 11.3.0
    f5 big-ip link controller 11.4.0
    f5 big-ip link controller 11.4.1
    f5 big-ip link controller 11.5.0
    f5 big-ip link controller 11.5.1
    f5 big-ip link controller 11.5.2
    f5 big-ip link controller 11.5.3
    f5 big-ip link controller 11.6.0
    f5 big-ip enterprise manager 3.0.0
    f5 big-ip enterprise manager 3.1.0
    f5 big-ip enterprise manager 3.1.1
    f5 big-ip advanced firewall manager 11.3.0
    f5 big-ip advanced firewall manager 11.4.0
    f5 big-ip advanced firewall manager 11.4.1
    f5 big-ip advanced firewall manager 11.5.0
    f5 big-ip advanced firewall manager 11.5.1
    f5 big-ip advanced firewall manager 11.5.2
    f5 big-ip advanced firewall manager 11.5.3
    f5 big-ip advanced firewall manager 11.6.0
    f5 big-ip local traffic manager 11.5.1
    f5 big-ip access policy manager 11.4.0
    f5 big-ip local traffic manager 11.5.3
    f5 big-ip local traffic manager 11.6.0
    f5 big-ip local traffic manager 11.3.0