VIR Vulnerability Intelligence Relay

CVE-2015-8611

critical
Published 2016-01-12 · Modified 2026-05-06
CVSS v3
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2
10.0
VIR risk
9.8

Description

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Management (AOM) subsystem, which might allow remote attackers to obtain login access to AOM via an (1) expired or (2) default password.

Predictions

Exploit likelihood
97%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://support.f5.com/kb/en-us/solutions/public/k/05/sol05272632.html

Application impact
VendorProductVersionsFixed
f5big-ip_domain_name_system12.0.0
f5big-ip_application_acceleration_manager12.0.0
f5big-ip_link_controller12.0.0
f5big-ip_policy_enforcement_manager12.0.0
f5big-ip_advanced_firewall_manager12.0.0
f5big-ip_local_traffic_manager12.0.0
f5big-ip_access_policy_manager12.0.0
f5big-ip_application_security_manager12.0.0
f5big-ip_analytics12.0.0

References

CWEs

CWE-255

Verify integrity in audit chain (admin only). AS-IS.