PT-2021-15342 · F5 · F5 Big-Ip
Published
2021-05-10
·
Updated
2021-05-24
·
CVE-2021-23015
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 13.1.0.8 through 13.1.3.6
F5 BIG-IP versions 14.1.x before 14.1.4.2
F5 BIG-IP versions 15.1.x before 15.1.3
F5 BIG-IP versions 16.0.x
Description
The issue allows an authenticated user with the 'Administrator' role to bypass Appliance Mode restrictions by utilizing undisclosed iControl REST endpoints when running in Appliance Mode.
Recommendations
For F5 BIG-IP versions 13.1.0.8 through 13.1.3.6, update to a version outside of this range to resolve the issue.
For F5 BIG-IP versions 14.1.x before 14.1.4.2, update to version 14.1.4.2 or later.
For F5 BIG-IP versions 15.1.x before 15.1.3, update to version 15.1.3 or later.
For F5 BIG-IP versions 16.0.x, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
F5 Big-Ip