CVE-2015-7393

Vulnerability

The vulnerability resides in the dcoep component of F5 BIG-IP and related products. It affects BIG-IP LTM, Analytics, APM, ASM, Link Controller versions 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1; BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1; BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1; BIG-IP DNS 12.0.0 before 12.0.0 HF1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.2.0 through 11.3.0; BIG-IP GTM 11.2.0 through 11.6.0; BIG-IP PSM 11.2.0 through 11.4.1; Enterprise Manager 3.0.0 through 3.1.1; BIG-IQ Cloud 4.0.0 through 4.5.0; BIG-IQ Device 4.2.0 through 4.5.0; BIG-IQ Security 4.0.0 through 4.5.0; BIG-IQ ADC 4.5.0; BIG-IQ Centralized Management 4.6.0; and BIG-IQ Cloud and Orchestration 1.0.0. The exact code path is unspecified in the available references [1].

Exploitation

An attacker must have local access to the system with an advanced shell (bash) account. The exploitation vector is not detailed in the public description, but it is known that the attacker can leverage the dcoep component to escalate privileges. No user interaction beyond having shell access is required [1].

Impact

Successful exploitation allows a local user with bash access to gain elevated privileges on the affected system. The exact privilege level is not specified, but it is sufficient to compromise the confidentiality, integrity, or availability of the system [1].

Mitigation

F5 has released hotfixes for some affected versions, such as BIG-IP 12.0.0 HF1. For other versions, users should consult the vendor advisory [1] for specific patch availability. If no fix is available, restrict local shell access to trusted users only. The reference link is currently broken, so direct details are unavailable [1].