Description
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.
Exploits (1)
exploitdb
WORKING POC
by Karn Ganeshen · textwebappshardware
https://www.exploit-db.com/exploits/38448
References (4)
Core 4
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/133931/F5-BigIP-10.2.4-Build-595.0-HF3-Path-Traversal.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033533
Vendor Advisory x_refsource_confirm
https://support.f5.com/kb/en-us/solutions/public/17000/200/sol17253.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033532
Scores
EPSS
0.0677
EPSS Percentile
91.3%
Details
CWE
CWE-22
Status
published
Products (16)
f5/big-ip_access_policy_manager
< 11.6.0
f5/big-ip_advanced_firewall_manager
< 11.6.0
f5/big-ip_analytics
< 11.6.0
f5/big-ip_application_acceleration_manager
< 11.6.0
f5/big-ip_application_security_manager
< 11.6.0
f5/big-ip_edge_gateway
< 11.3.0
f5/big-ip_global_traffic_manager
< 11.3.0
f5/big-ip_link_controller
< 11.3.0
f5/big-ip_local_traffic_manager
< 11.6.0
f5/big-ip_policy_enforcement_manager
< 11.3.0
... and 6 more
Published
Sep 17, 2015
Tracked Since
Feb 18, 2026