F5 Multiple Products iControl iCall Script Privilege Escalation (CVE-2015-3628)

A privilege escalation vulnerability exists in the iControl API in multiple F5 products. The vulnerability is due to insufficient validation of iCall scripts in incomming SOAP requests. A remote, authenticated attacker can exploit this vulnerability by sending malicious SOAP requests to the server.

Leave a Reply