Vulnerability Name: CVE-2015-8022 (CCN-116103)
Assigned: 2015-10-28
Published: 2016-08-10
Updated: 2019-06-06

Summary: The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x before 11.2.1 HF16, 11.3.x, and 11.4.x before 11.4.1 HF10 allows remote authenticated users with certain permissions to gain privileges by leveraging an Access Policy Manager customization configuration section that allows file uploads.

CVSS v3 Severity:
7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): High
  Privileges Required (PR): Low
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High

6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
5.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): Low
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low

CVSS v2 Severity:
8.5 High (CVSS v2 Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): Single_Instance
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete

6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Low
  Authentication (Au): Single_Instance
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial

Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges

References:
Source: MITRE
  Type: CNA
  CVE-2015-8022
Source: SECTRACK
  Type: Third Party Advisory, VDB Entry
  1036627
Source: XF
  Type: UNKNOWN
  bigip-cve20158022-priv-esc(116103)
Source: CCN
  Type: F5 Security Advisory sol12401251
  BIG-IP file validation vulnerability CVE-2015-8022
Source: CONFIRM
  Type: Vendor Advisory
  https://support.f5.com/kb/en-us/solutions/public/k/12/sol12401251.html

Vulnerable Configuration:
f5 big-ip global traffic manager 11.0.0
f5 big-ip global traffic manager 11.1.0
f5 big-ip global traffic manager 11.2.0
f5 big-ip global traffic manager 11.2.1
f5 big-ip global traffic manager 11.3.0
f5 big-ip global traffic manager 11.4.0
f5 big-ip global traffic manager 11.4.1
f5 big-ip global traffic manager 11.5.0
f5 big-ip global traffic manager 11.5.1
f5 big-ip global traffic manager 11.5.2
f5 big-ip global traffic manager 11.5.3
f5 big-ip global traffic manager 11.6.0
f5 big-ip local traffic manager 11.0.0
f5 big-ip local traffic manager 11.1.0
f5 big-ip local traffic manager 11.2.0
f5 big-ip local traffic manager 11.2.1
f5 big-ip local traffic manager 11.3.0
f5 big-ip local traffic manager 11.4.0
f5 big-ip local traffic manager 11.4.1
f5 big-ip local traffic manager 11.5.0
f5 big-ip local traffic manager 11.5.1
f5 big-ip local traffic manager 11.5.2
f5 big-ip local traffic manager 11.5.3
f5 big-ip local traffic manager 11.6.0
f5 big-ip webaccelerator 11.0.0
f5 big-ip webaccelerator 11.1.0
f5 big-ip webaccelerator 11.2.0
f5 big-ip webaccelerator 11.2.1
f5 big-ip webaccelerator 11.3.0
f5 big-ip policy enforcement manager 11.3.0
f5 big-ip policy enforcement manager 11.4.0
f5 big-ip policy enforcement manager 11.4.1
f5 big-ip policy enforcement manager 11.5.0
f5 big-ip policy enforcement manager 11.5.1
f5 big-ip policy enforcement manager 11.5.2
f5 big-ip policy enforcement manager 11.5.3
f5 big-ip policy enforcement manager 11.6.0
f5 big-ip advanced firewall manager 11.3.0
f5 big-ip advanced firewall manager 11.4.0
f5 big-ip advanced firewall manager 11.4.1
f5 big-ip advanced firewall manager 11.5.0
f5 big-ip advanced firewall manager 11.5.1
f5 big-ip advanced firewall manager 11.5.2
f5 big-ip advanced firewall manager 11.5.3
f5 big-ip advanced firewall manager 11.6.0
f5 big-ip access policy manager 11.0.0
f5 big-ip access policy manager 11.1.0
f5 big-ip access policy manager 11.2.0
f5 big-ip access policy manager 11.2.1
f5 big-ip access policy manager 11.3.0
f5 big-ip access policy manager 11.4.0
f5 big-ip access policy manager 11.4.1
f5 big-ip access policy manager 11.5.0
f5 big-ip access policy manager 11.5.1
f5 big-ip access policy manager 11.5.2
f5 big-ip access policy manager 11.5.3
f5 big-ip access policy manager 11.6.0
f5 big-ip analytics 11.0.0
f5 big-ip analytics 11.1.0
f5 big-ip analytics 11.2.0
f5 big-ip analytics 11.2.1
f5 big-ip analytics 11.3.0
f5 big-ip analytics 11.4.0
f5 big-ip analytics 11.4.1
f5 big-ip analytics 11.5.0
f5 big-ip analytics 11.5.1
f5 big-ip analytics 11.5.2
f5 big-ip analytics 11.5.3
f5 big-ip analytics 11.6.0
f5 big-ip wan optimization manager 11.0.0
f5 big-ip wan optimization manager 11.1.0
f5 big-ip wan optimization manager 11.2.0
f5 big-ip wan optimization manager 11.2.1
f5 big-ip wan optimization manager 11.3.0
f5 big-ip link controller 11.0.0
f5 big-ip link controller 11.1.0
f5 big-ip link controller 11.2.0
f5 big-ip link controller 11.2.1
f5 big-ip link controller 11.3.0
f5 big-ip link controller 11.4.0
f5 big-ip link controller 11.4.1
f5 big-ip link controller 11.5.0
f5 big-ip link controller 11.5.1
f5 big-ip link controller 11.5.2
f5 big-ip link controller 11.5.3
f5 big-ip link controller 11.6.0
f5 big-ip edge gateway 11.0.0
f5 big-ip edge gateway 11.1.0
f5 big-ip edge gateway 11.2.0
f5 big-ip edge gateway 11.2.1
f5 big-ip edge gateway 11.3.0
f5 big-ip application security manager 11.0.0
f5 big-ip application security manager 11.1.0
f5 big-ip application security manager 11.2.0
f5 big-ip application security manager 11.2.1
f5 big-ip application security manager 11.3.0
f5 big-ip application security manager 11.4.0
f5 big-ip application security manager 11.4.1
f5 big-ip application security manager 11.5.0
f5 big-ip application security manager 11.5.1
f5 big-ip application security manager 11.5.2
f5 big-ip application security manager 11.5.3
f5 big-ip application security manager 11.6.0
f5 big-ip application acceleration manager 11.4.0
f5 big-ip application acceleration manager 11.4.1
f5 big-ip application acceleration manager 11.5.0
f5 big-ip application acceleration manager 11.5.1
f5 big-ip application acceleration manager 11.5.2
f5 big-ip application acceleration manager 11.5.3
f5 big-ip application acceleration manager 11.6.0
f5 big-ip websafe 11.6.0
f5 big-ip protocol security module 11.0.0
f5 big-ip protocol security module 11.1.0
f5 big-ip protocol security module 11.2.0
f5 big-ip protocol security module 11.2.1
f5 big-ip protocol security module 11.3.0
f5 big-ip protocol security module 11.4.0
f5 big-ip protocol security module 11.4.1