CVE-2021-23001

Name of the Vulnerable Software and Affected Versions BIG-IP Advanced WAF and BIG-IP ASM versions 11.6.x before 11.6.5.3 BIG-IP Advanced WAF and BIG-IP ASM versions 12.1.x before 12.1.5.3 BIG-IP Advanced WAF and BIG-IP ASM versions 13.1.x before 13.1.3.6 BIG-IP Advanced WAF and BIG-IP ASM versions 14.1.x before 14.1.4 BIG-IP Advanced WAF and BIG-IP ASM versions 15.1.x before 15.1.2.1 BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1

Description The upload functionality in BIG-IP Advanced WAF and BIG-IP ASM allows an authenticated user to upload files to the BIG-IP system using a call to an undisclosed iControl REST endpoint.

Recommendations For versions 11.6.x before 11.6.5.3, update to version 11.6.5.3 or later. For versions 12.1.x before 12.1.5.3, update to version 12.1.5.3 or later. For versions 13.1.x before 13.1.3.6, update to version 13.1.3.6 or later. For versions 14.1.x before 14.1.4, update to version 14.1.4 or later. For versions 15.1.x before 15.1.2.1, update to version 15.1.2.1 or later. For versions 16.0.x before 16.0.1.1, update to version 16.0.1.1 or later.