CVE-2014-2927

F5 Arx - Authentication Bypass

Title source: rule
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2927. PoCs published by Security-Assessment.com.

AI-analyzed exploit summary This writeup describes an unauthenticated rsync access vulnerability in F5 BigIP devices configured in high availability mode, allowing an attacker to upload a malicious SSH key to gain root access. The vulnerability stems from improper authentication in the rsync daemon's 'cmi' module.

Description

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.

Exploits (1)

exploitdb WRITEUP
by Security-Assessment.com · textremotehardware
https://www.exploit-db.com/exploits/34465

This writeup describes an unauthenticated rsync access vulnerability in F5 BigIP devices configured in high availability mode, allowing an attacker to upload a malicious SSH key to gain root access. The vulnerability stems from improper authentication in the rsync daemon's 'cmi' module.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: F5 BigIP (high availability mode)
No auth needed
Prerequisites: Access to ConfigSync IP addresses · F5 BigIP configured in failover mode
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

EPSS 0.0792
EPSS Percentile 94.0%

Details

CWE
CWE-287
Status published
Products (50)
f5/arx 6.0.0
f5/arx 6.1.0
f5/arx 6.1.1
f5/arx 6.2.0
f5/arx 6.3.0
f5/arx 6.4.0
f5/big-ip_access_policy_manager 10.1.0
f5/big-ip_access_policy_manager 10.2.0
f5/big-ip_access_policy_manager 10.2.1
f5/big-ip_access_policy_manager 10.2.2
... and 40 more
Published Oct 15, 2014
Tracked Since Feb 18, 2026