VIR Vulnerability Intelligence Relay

CVE-2014-2927

critical
Published 2014-10-15 · Modified 2026-05-06
CVSS v3
CVSS v2
9.3
VIR risk
9.3

Description

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cret@cert.org — https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15236.html

Application impact
VendorProductVersionsFixed
f5arx6.0.0
f5arx6.1.0
f5arx6.1.1
f5arx6.2.0
f5arx6.3.0
f5arx6.4.0
f5big-ip_access_policy_manager10.1.0
f5big-ip_access_policy_manager10.2.0
f5big-ip_access_policy_manager10.2.1
f5big-ip_access_policy_manager10.2.2
f5big-ip_access_policy_manager10.2.3
f5big-ip_access_policy_manager10.2.4
f5big-ip_access_policy_manager11.0.0
f5big-ip_access_policy_manager11.1.0
f5big-ip_access_policy_manager11.2.0
f5big-ip_access_policy_manager11.2.1
f5big-ip_access_policy_manager11.3.0
f5big-ip_access_policy_manager11.4.0
f5big-ip_access_policy_manager11.4.1
f5big-ip_access_policy_manager11.5.0
f5big-ip_access_policy_manager11.5.1
f5big-ip_access_policy_manager11.6.0
f5big-ip_advanced_firewall_manager11.3.0
f5big-ip_advanced_firewall_manager11.4.0
f5big-ip_advanced_firewall_manager11.4.1
f5big-ip_advanced_firewall_manager11.5.0
f5big-ip_advanced_firewall_manager11.5.1
f5big-ip_advanced_firewall_manager11.6.0
f5big-ip_analytics11.0.0
f5big-ip_analytics11.1.0
f5big-ip_analytics11.2.0
f5big-ip_analytics11.2.1
f5big-ip_analytics11.3.0
f5big-ip_analytics11.4.0
f5big-ip_analytics11.4.1
f5big-ip_analytics11.5.0
f5big-ip_analytics11.5.1
f5big-ip_analytics11.6.0
f5big-ip_application_acceleration_manager11.4.0
f5big-ip_application_acceleration_manager11.4.1
f5big-ip_application_acceleration_manager11.5.0
f5big-ip_application_acceleration_manager11.5.1
f5big-ip_application_acceleration_manager11.6.0
f5big-ip_application_security_manager10.0.0
f5big-ip_application_security_manager10.0.1
f5big-ip_application_security_manager10.1.0
f5big-ip_application_security_manager10.2.0
f5big-ip_application_security_manager10.2.1
f5big-ip_application_security_manager10.2.2
f5big-ip_application_security_manager10.2.3
f5big-ip_application_security_manager10.2.4
f5big-ip_application_security_manager11.0.0
f5big-ip_application_security_manager11.1.0
f5big-ip_application_security_manager11.2.0
f5big-ip_application_security_manager11.2.1
f5big-ip_application_security_manager11.3.0
f5big-ip_application_security_manager11.4.0
f5big-ip_application_security_manager11.4.1
f5big-ip_application_security_manager11.5.0
f5big-ip_application_security_manager11.5.1
f5big-ip_application_security_manager11.6.0
f5big-ip_edge_gateway10.1.0
f5big-ip_edge_gateway10.2.0
f5big-ip_edge_gateway10.2.1
f5big-ip_edge_gateway10.2.2
f5big-ip_edge_gateway10.2.3
f5big-ip_edge_gateway10.2.4
f5big-ip_edge_gateway11.0.0
f5big-ip_edge_gateway11.1.0
f5big-ip_edge_gateway11.2.0
f5big-ip_edge_gateway11.2.1
f5big-ip_edge_gateway11.3.0
f5big-ip_global_traffic_manager10.0.0
f5big-ip_global_traffic_manager10.0.1
f5big-ip_global_traffic_manager10.1.0
f5big-ip_global_traffic_manager10.2.0
f5big-ip_global_traffic_manager10.2.1
f5big-ip_global_traffic_manager10.2.2
f5big-ip_global_traffic_manager10.2.3
f5big-ip_global_traffic_manager10.2.4
f5big-ip_global_traffic_manager11.0.0
f5big-ip_global_traffic_manager11.1.0
f5big-ip_global_traffic_manager11.2.0
f5big-ip_global_traffic_manager11.2.1
f5big-ip_global_traffic_manager11.3.0
f5big-ip_global_traffic_manager11.4.0
f5big-ip_global_traffic_manager11.4.1
f5big-ip_global_traffic_manager11.5.0
f5big-ip_global_traffic_manager11.5.1
f5big-ip_global_traffic_manager11.6.0
f5big-ip_link_controller10.0.0
f5big-ip_link_controller10.0.1
f5big-ip_link_controller10.1.0
f5big-ip_link_controller10.2.0
f5big-ip_link_controller10.2.1
f5big-ip_link_controller10.2.2
f5big-ip_link_controller10.2.3
f5big-ip_link_controller10.2.4
f5big-ip_link_controller11.0.0
f5big-ip_link_controller11.1.0
f5big-ip_link_controller11.2.0
f5big-ip_link_controller11.2.1
f5big-ip_link_controller11.3.0
f5big-ip_link_controller11.4.0
f5big-ip_link_controller11.4.1
f5big-ip_link_controller11.5.0
f5big-ip_link_controller11.5.1
f5big-ip_link_controller11.6.0
f5big-ip_local_traffic_manager10.0.0
f5big-ip_local_traffic_manager10.0.1
f5big-ip_local_traffic_manager10.1.0
f5big-ip_local_traffic_manager10.2.0
f5big-ip_local_traffic_manager10.2.1
f5big-ip_local_traffic_manager10.2.2
f5big-ip_local_traffic_manager10.2.3
f5big-ip_local_traffic_manager10.2.4
f5big-ip_local_traffic_manager11.0.0
f5big-ip_local_traffic_manager11.1.0
f5big-ip_local_traffic_manager11.2.0
f5big-ip_local_traffic_manager11.2.1
f5big-ip_local_traffic_manager11.3.0
f5big-ip_local_traffic_manager11.4.0
f5big-ip_local_traffic_manager11.4.1
f5big-ip_local_traffic_manager11.5.0
f5big-ip_local_traffic_manager11.5.1
f5big-ip_local_traffic_manager11.6.0
f5big-ip_policy_enforcement_manager11.3.0
f5big-ip_policy_enforcement_manager11.4.0
f5big-ip_policy_enforcement_manager11.4.1
f5big-ip_policy_enforcement_manager11.5.0
f5big-ip_policy_enforcement_manager11.5.1
f5big-ip_policy_enforcement_manager11.6.0
f5big-ip_protocol_security_module10.0.0
f5big-ip_protocol_security_module10.0.1
f5big-ip_protocol_security_module10.1.0
f5big-ip_protocol_security_module10.2.0
f5big-ip_protocol_security_module10.2.1
f5big-ip_protocol_security_module10.2.2
f5big-ip_protocol_security_module10.2.3
f5big-ip_protocol_security_module10.2.4
f5big-ip_protocol_security_module11.0.0
f5big-ip_protocol_security_module11.1.0
f5big-ip_protocol_security_module11.2.0
f5big-ip_protocol_security_module11.2.1
f5big-ip_protocol_security_module11.3.0
f5big-ip_protocol_security_module11.4.0
f5big-ip_protocol_security_module11.4.1
f5big-ip_wan_optimization_manager10.0.0
f5big-ip_wan_optimization_manager10.0.1
f5big-ip_wan_optimization_manager10.1.0
f5big-ip_wan_optimization_manager10.2.0
f5big-ip_wan_optimization_manager10.2.1
f5big-ip_wan_optimization_manager10.2.2
f5big-ip_wan_optimization_manager10.2.3
f5big-ip_wan_optimization_manager10.2.4
f5big-ip_wan_optimization_manager11.0.0
f5big-ip_wan_optimization_manager11.1.0
f5big-ip_wan_optimization_manager11.2.0
f5big-ip_wan_optimization_manager11.2.1
f5big-ip_wan_optimization_manager11.3.0
f5big-ip_webaccelerator10.0.0
f5big-ip_webaccelerator10.0.1
f5big-ip_webaccelerator10.1.0
f5big-ip_webaccelerator10.2.0
f5big-ip_webaccelerator10.2.1
f5big-ip_webaccelerator10.2.2
f5big-ip_webaccelerator10.2.3
f5big-ip_webaccelerator10.2.4
f5big-ip_webaccelerator11.0.0
f5big-ip_webaccelerator11.1.0
f5big-ip_webaccelerator11.2.0
f5big-ip_webaccelerator11.2.1
f5big-ip_webaccelerator11.3.0
f5big-iq_cloud4.0.0
f5big-iq_cloud4.1.0
f5big-iq_cloud4.2.0
f5big-iq_cloud4.3.0
f5big-iq_device4.2.0
f5big-iq_device4.3.0
f5big-iq_security4.0.0
f5big-iq_security4.1.0
f5big-iq_security4.2.0
f5big-iq_security4.3.0
f5enterprise_manager2.1.0
f5enterprise_manager2.2.0
f5enterprise_manager2.3.0
f5enterprise_manager3.0.0
f5enterprise_manager3.1.0
f5enterprise_manager3.1.1
f5firepass6.0.0
f5firepass6.0.1
f5firepass6.0.2
f5firepass6.0.3
f5firepass6.1.0
f5firepass7.0.0

References

CWEs

CWE-287

Verify integrity in audit chain (admin only). AS-IS.