September 2015

11 Sep 2015

F5 file path traversal – CVE-2015-4040

Earlier this year, while pentesting a customer network, I identified a file path traversal vulnerability in an F5 BIG-IP box. Chris Christian from the F5 Security Response Team (SRT) reached out promptly and I shared the details with him. Chris confirmed yesterday that F5 has now released a new version, 12.0, that fixes this issue.

F5 also published Solution Article 17253 recently, on Sep 9, 2015, describing this path traversal vulnerability, the affected devices and versions, impact, resolution and references.

CVE-ID: CVE-2015-4040

I have also posted a working exploit on Exploit-db and Packetstorm:
https://www.exploit-db.com/exploits/38448/
https://packetstormsecurity.com/files/133931/F5-BigIP-10.2.4-Build-595.0-HF3-Path-Traversal.html
