CVE-2014-2927

critical

Published 2014-10-15 · Modified 2026-05-06

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

10.0

Description

The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, 11.5.0 before HF4, 11.4.1 before HF4, 11.4.0 before HF7, 11.3.0 before HF9, and 11.2.1 before HF11 and Enterprise Manager 3.x before 3.1.1 HF2, when configured in failover mode, does not require authentication, which allows remote attackers to read or write to arbitrary files via a cmi request to the ConfigSync IP address.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-34465 remote hardware text · 1 KB

Security-Assessment.com · 2014-08-29

F5 Big-IP - rsync Access

text exploit Source: Exploit-DB

When configured in a high availability mode, the F5 solution suffers from an unauthenticated rsync access vulnerability that can be leveraged to upload a malicious SSH key and gain remote root access to the appliance.
The BigIP platform configures an rsync daemon listening on the ConfigSync interfaces when the system is configured in a failover mode. The rsync daemon as currently configured does not require any authentication and the “cmi” module has complete read/write access to the system. If the ConfigSync IP addresses are accessible by a malicious third party, it is possible to upload an authorized_keys file directly into the /var/ssh/root directory and then open a root SSH session on the f5 device.

Advisory: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/34465.pdf

Application impact

Vendor	Product	Versions
f5	arx	`6.0.0`
f5	arx	`6.1.0`
f5	arx	`6.1.1`
f5	arx	`6.2.0`
f5	arx	`6.3.0`
f5	arx	`6.4.0`
f5	big-ip_access_policy_manager	`10.1.0`
f5	big-ip_access_policy_manager	`10.2.0`
f5	big-ip_access_policy_manager	`10.2.1`
f5	big-ip_access_policy_manager	`10.2.2`
f5	big-ip_access_policy_manager	`10.2.3`
f5	big-ip_access_policy_manager	`10.2.4`
f5	big-ip_access_policy_manager	`11.0.0`
f5	big-ip_access_policy_manager	`11.1.0`
f5	big-ip_access_policy_manager	`11.2.0`
f5	big-ip_access_policy_manager	`11.2.1`
f5	big-ip_access_policy_manager	`11.3.0`
f5	big-ip_access_policy_manager	`11.4.0`
f5	big-ip_access_policy_manager	`11.4.1`
f5	big-ip_access_policy_manager	`11.5.0`
f5	big-ip_access_policy_manager	`11.5.1`
f5	big-ip_access_policy_manager	`11.6.0`
f5	big-ip_advanced_firewall_manager	`11.3.0`
f5	big-ip_advanced_firewall_manager	`11.4.0`
f5	big-ip_advanced_firewall_manager	`11.4.1`
f5	big-ip_advanced_firewall_manager	`11.5.0`
f5	big-ip_advanced_firewall_manager	`11.5.1`
f5	big-ip_advanced_firewall_manager	`11.6.0`
f5	big-ip_analytics	`11.0.0`
f5	big-ip_analytics	`11.1.0`
f5	big-ip_analytics	`11.2.0`
f5	big-ip_analytics	`11.2.1`
f5	big-ip_analytics	`11.3.0`
f5	big-ip_analytics	`11.4.0`
f5	big-ip_analytics	`11.4.1`
f5	big-ip_analytics	`11.5.0`
f5	big-ip_analytics	`11.5.1`
f5	big-ip_analytics	`11.6.0`
f5	big-ip_application_acceleration_manager	`11.4.0`
f5	big-ip_application_acceleration_manager	`11.4.1`
f5	big-ip_application_acceleration_manager	`11.5.0`
f5	big-ip_application_acceleration_manager	`11.5.1`
f5	big-ip_application_acceleration_manager	`11.6.0`
f5	big-ip_application_security_manager	`10.0.0`
f5	big-ip_application_security_manager	`10.0.1`
f5	big-ip_application_security_manager	`10.1.0`
f5	big-ip_application_security_manager	`10.2.0`
f5	big-ip_application_security_manager	`10.2.1`
f5	big-ip_application_security_manager	`10.2.2`
f5	big-ip_application_security_manager	`10.2.3`
f5	big-ip_application_security_manager	`10.2.4`
f5	big-ip_application_security_manager	`11.0.0`
f5	big-ip_application_security_manager	`11.1.0`
f5	big-ip_application_security_manager	`11.2.0`
f5	big-ip_application_security_manager	`11.2.1`
f5	big-ip_application_security_manager	`11.3.0`
f5	big-ip_application_security_manager	`11.4.0`
f5	big-ip_application_security_manager	`11.4.1`
f5	big-ip_application_security_manager	`11.5.0`
f5	big-ip_application_security_manager	`11.5.1`
f5	big-ip_application_security_manager	`11.6.0`
f5	big-ip_edge_gateway	`10.1.0`
f5	big-ip_edge_gateway	`10.2.0`
f5	big-ip_edge_gateway	`10.2.1`
f5	big-ip_edge_gateway	`10.2.2`
f5	big-ip_edge_gateway	`10.2.3`
f5	big-ip_edge_gateway	`10.2.4`
f5	big-ip_edge_gateway	`11.0.0`
f5	big-ip_edge_gateway	`11.1.0`
f5	big-ip_edge_gateway	`11.2.0`
f5	big-ip_edge_gateway	`11.2.1`
f5	big-ip_edge_gateway	`11.3.0`
f5	big-ip_global_traffic_manager	`10.0.0`
f5	big-ip_global_traffic_manager	`10.0.1`
f5	big-ip_global_traffic_manager	`10.1.0`
f5	big-ip_global_traffic_manager	`10.2.0`
f5	big-ip_global_traffic_manager	`10.2.1`
f5	big-ip_global_traffic_manager	`10.2.2`
f5	big-ip_global_traffic_manager	`10.2.3`
f5	big-ip_global_traffic_manager	`10.2.4`
f5	big-ip_global_traffic_manager	`11.0.0`
f5	big-ip_global_traffic_manager	`11.1.0`
f5	big-ip_global_traffic_manager	`11.2.0`
f5	big-ip_global_traffic_manager	`11.2.1`
f5	big-ip_global_traffic_manager	`11.3.0`
f5	big-ip_global_traffic_manager	`11.4.0`
f5	big-ip_global_traffic_manager	`11.4.1`
f5	big-ip_global_traffic_manager	`11.5.0`
f5	big-ip_global_traffic_manager	`11.5.1`
f5	big-ip_global_traffic_manager	`11.6.0`
f5	big-ip_link_controller	`10.0.0`
f5	big-ip_link_controller	`10.0.1`
f5	big-ip_link_controller	`10.1.0`
f5	big-ip_link_controller	`10.2.0`
f5	big-ip_link_controller	`10.2.1`
f5	big-ip_link_controller	`10.2.2`
f5	big-ip_link_controller	`10.2.3`
f5	big-ip_link_controller	`10.2.4`
f5	big-ip_link_controller	`11.0.0`
f5	big-ip_link_controller	`11.1.0`
f5	big-ip_link_controller	`11.2.0`
f5	big-ip_link_controller	`11.2.1`
f5	big-ip_link_controller	`11.3.0`
f5	big-ip_link_controller	`11.4.0`
f5	big-ip_link_controller	`11.4.1`
f5	big-ip_link_controller	`11.5.0`
f5	big-ip_link_controller	`11.5.1`
f5	big-ip_link_controller	`11.6.0`
f5	big-ip_local_traffic_manager	`10.0.0`
f5	big-ip_local_traffic_manager	`10.0.1`
f5	big-ip_local_traffic_manager	`10.1.0`
f5	big-ip_local_traffic_manager	`10.2.0`
f5	big-ip_local_traffic_manager	`10.2.1`
f5	big-ip_local_traffic_manager	`10.2.2`
f5	big-ip_local_traffic_manager	`10.2.3`
f5	big-ip_local_traffic_manager	`10.2.4`
f5	big-ip_local_traffic_manager	`11.0.0`
f5	big-ip_local_traffic_manager	`11.1.0`
f5	big-ip_local_traffic_manager	`11.2.0`
f5	big-ip_local_traffic_manager	`11.2.1`
f5	big-ip_local_traffic_manager	`11.3.0`
f5	big-ip_local_traffic_manager	`11.4.0`
f5	big-ip_local_traffic_manager	`11.4.1`
f5	big-ip_local_traffic_manager	`11.5.0`
f5	big-ip_local_traffic_manager	`11.5.1`
f5	big-ip_local_traffic_manager	`11.6.0`
f5	big-ip_policy_enforcement_manager	`11.3.0`
f5	big-ip_policy_enforcement_manager	`11.4.0`
f5	big-ip_policy_enforcement_manager	`11.4.1`
f5	big-ip_policy_enforcement_manager	`11.5.0`
f5	big-ip_policy_enforcement_manager	`11.5.1`
f5	big-ip_policy_enforcement_manager	`11.6.0`
f5	big-ip_protocol_security_module	`10.0.0`
f5	big-ip_protocol_security_module	`10.0.1`
f5	big-ip_protocol_security_module	`10.1.0`
f5	big-ip_protocol_security_module	`10.2.0`
f5	big-ip_protocol_security_module	`10.2.1`
f5	big-ip_protocol_security_module	`10.2.2`
f5	big-ip_protocol_security_module	`10.2.3`
f5	big-ip_protocol_security_module	`10.2.4`
f5	big-ip_protocol_security_module	`11.0.0`
f5	big-ip_protocol_security_module	`11.1.0`
f5	big-ip_protocol_security_module	`11.2.0`
f5	big-ip_protocol_security_module	`11.2.1`
f5	big-ip_protocol_security_module	`11.3.0`
f5	big-ip_protocol_security_module	`11.4.0`
f5	big-ip_protocol_security_module	`11.4.1`
f5	big-ip_wan_optimization_manager	`10.0.0`
f5	big-ip_wan_optimization_manager	`10.0.1`
f5	big-ip_wan_optimization_manager	`10.1.0`
f5	big-ip_wan_optimization_manager	`10.2.0`
f5	big-ip_wan_optimization_manager	`10.2.1`
f5	big-ip_wan_optimization_manager	`10.2.2`
f5	big-ip_wan_optimization_manager	`10.2.3`
f5	big-ip_wan_optimization_manager	`10.2.4`
f5	big-ip_wan_optimization_manager	`11.0.0`
f5	big-ip_wan_optimization_manager	`11.1.0`
f5	big-ip_wan_optimization_manager	`11.2.0`
f5	big-ip_wan_optimization_manager	`11.2.1`
f5	big-ip_wan_optimization_manager	`11.3.0`
f5	big-ip_webaccelerator	`10.0.0`
f5	big-ip_webaccelerator	`10.0.1`
f5	big-ip_webaccelerator	`10.1.0`
f5	big-ip_webaccelerator	`10.2.0`
f5	big-ip_webaccelerator	`10.2.1`
f5	big-ip_webaccelerator	`10.2.2`
f5	big-ip_webaccelerator	`10.2.3`
f5	big-ip_webaccelerator	`10.2.4`
f5	big-ip_webaccelerator	`11.0.0`
f5	big-ip_webaccelerator	`11.1.0`
f5	big-ip_webaccelerator	`11.2.0`
f5	big-ip_webaccelerator	`11.2.1`
f5	big-ip_webaccelerator	`11.3.0`
f5	big-iq_cloud	`4.0.0`
f5	big-iq_cloud	`4.1.0`
f5	big-iq_cloud	`4.2.0`
f5	big-iq_cloud	`4.3.0`
f5	big-iq_device	`4.2.0`
f5	big-iq_device	`4.3.0`
f5	big-iq_security	`4.0.0`
f5	big-iq_security	`4.1.0`
f5	big-iq_security	`4.2.0`
f5	big-iq_security	`4.3.0`
f5	enterprise_manager	`2.1.0`
f5	enterprise_manager	`2.2.0`
f5	enterprise_manager	`2.3.0`
f5	enterprise_manager	`3.0.0`
f5	enterprise_manager	`3.1.0`
f5	enterprise_manager	`3.1.1`
f5	firepass	`6.0.0`
f5	firepass	`6.0.1`
f5	firepass	`6.0.2`
f5	firepass	`6.0.3`
f5	firepass	`6.1.0`
f5	firepass	`7.0.0`

References

CWEs

CWE-287

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.