Forum Discussion

Nimbostratus

Nov 07, 2015

F5 Vulnerability CVE-2015-7394 - Recomonded action

Hi all, Recently I implemented F5 LTM,APM,ASM in one of our customer site, with the software version of 11.6 HF5. Everything was working fine with this software version. Now recently I came to ...

BIG-IP Access Policy Manager (APM)

Altostratus

Nov 07, 2015

It seems to be exploitable only by users who already have administrative access to the device, what would permit them to elevate their privileges by exploiting the vulnerability. If all administrative users already have admin/root privilege, I really don't see why they would have any interest on exploiting this.

Well.... Considering the risk of changing/upgrading the BIG-IP version with all the configuration problems you may face doing that, I would prefer to wait for a hotfix for your version.

This is only my opinion.

Source: SOL17407: Datastor kernel vulnerability CVE-2015-7394

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)