CVE-2021-22980

CWE-4264 documents4 sources
Severity
7.8HIGH
EPSS
0.1%
top 76.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 Access Policy Manager ClientsF5 Big-ip Access Policy Manager
Timeline
PublishedFeb 12
Latest updateMay 24

Description

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are no

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5edge_client7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5
NVDf5/access_policy_manager_clients7.1.57.1.8.5+2
NVDf5/big-ip_access_policy_manager13.1.013.1.3.6+5

🔴Vulnerability Details

2
GHSA
GHSA-3p28-7652-rrq5: In Edge Client version 72022-05-24
CVEList
CVE-2021-22980: In Edge Client version 72021-02-12

📋Vendor Advisories

1
F5
CVE-2021-22980: In Edge Client version 72021-02-12
CVE-2021-22980 (HIGH CVSS 7.8) | In Edge Client version 7.2.x before | cvebase.io