PT-2021-2407 · F5 · Big-Ip
Published: 2021-03-10 · Updated: 2021-04-05 · CVE-2021-22989
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
BIG-IP versions 16.0.x through 16.0.1.1
BIG-IP versions 15.1.x through 15.1.2.1
BIG-IP versions 14.1.x through 14.1.4
BIG-IP versions 13.1.x through 13.1.3.6
BIG-IP versions 12.1.x through 12.1.5.3
BIG-IP versions 11.6.x through 11.6.5.3
Description: The vulnerability is an authenticated remote command execution flaw in the TMUI, also referred to as the Configuration utility, affecting systems running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned. It stems from inadequate access control in the Advanced WAF/ASM TMUI component of the BIG-IP application security protections. A remote, authenticated attacker who exploits it may execute arbitrary commands or modify or delete files.
Recommendations:
For BIG-IP versions 16.0.x through 16.0.1.1, update to version 16.0.1.1 or later.
For BIG-IP versions 15.1.x through 15.1.2.1, update to version 15.1.2.1 or later.
For BIG-IP versions 14.1.x through 14.1.4, update to version 14.1.4 or later.
For BIG-IP versions 13.1.x through 13.1.3.6, update to version 13.1.3.6 or later.
For BIG-IP versions 12.1.x through 12.1.5.3, update to version 12.1.5.3 or later.
For BIG-IP versions 11.6.x through 11.6.5.3, update to version 11.6.5.3 or later.

Weakness Enumeration

Related Identifiers

BDU:2021-01657
CVE-2021-22989

Affected Products

Big-Ip