CVE-2021-22974

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 13.1.x through 13.1.3.5 F5 BIG-IP versions 14.1.x through 14.1.3.0 F5 BIG-IP versions 15.1.x through 15.1.1 F5 BIG-IP versions 16.0.x through 16.0.0 F5 BIG-IQ versions 6.x F5 BIG-IQ versions 7.x

Description An authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This issue is due to an incomplete fix for a previously identified problem.

Recommendations For F5 BIG-IP version 13.1.x, update to version 13.1.3.6 or later. For F5 BIG-IP version 14.1.x, update to version 14.1.3.1 or later. For F5 BIG-IP version 15.1.x, update to version 15.1.2 or later. For F5 BIG-IP version 16.0.x, update to version 16.0.1.1 or later. For F5 BIG-IQ versions 6.x and 7.x, there is no information about a newer version that contains a fix for this issue.