PT-2021-15356 · F5 · Big-Ip
Published
2021-09-14
·
Updated
2021-09-30
·
CVE-2021-23031
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
BIG-IP versions 11.6.x before 11.6.5.3
BIG-IP versions 12.1.x before 12.1.6
BIG-IP versions 13.1.x before 13.1.4
BIG-IP versions 14.1.x before 14.1.4.1
BIG-IP versions 15.1.x before 15.1.3
BIG-IP versions 16.0.x before 16.0.1.2
Description
An authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility.
Recommendations
For versions 11.6.x before 11.6.5.3, update to version 11.6.5.3 or later.
For versions 12.1.x before 12.1.6, update to version 12.1.6 or later.
For versions 13.1.x before 13.1.4, update to version 13.1.4 or later.
For versions 14.1.x before 14.1.4.1, update to version 14.1.4.1 or later.
For versions 15.1.x before 15.1.3, update to version 15.1.3 or later.
For versions 16.0.x before 16.0.1.2, update to version 16.0.1.2 or later.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Big-Ip