CVE-2021-23012
published 2021-05-10CVE-2021-23012: On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the…
high8.2CVSS 3.1
AVLACLPRHUINSCCHIHAH
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected
71 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_aam | — | — |
| f5 | big-ip_access_policy_manager | — | — |
| f5 | big-ip_access_policy_manager | >= 13.1.0 < 13.1.4 | 13.1.4 |
| f5 | big-ip_access_policy_manager | >= 14.1.0 < 14.1.4 | 14.1.4 |
| f5 | big-ip_access_policy_manager | >= 15.1.0 < 15.1.3 | 15.1.3 |
| f5 | big-ip_access_policy_manager | >= 16.0.0 < 16.0.1.1 | 16.0.1.1 |
| f5 | big-ip_advanced_firewall_manager | >= 13.1.0 < 13.1.4 | 13.1.4 |
| f5 | big-ip_advanced_firewall_manager | >= 14.1.0 < 14.1.4 | 14.1.4 |
| f5 | big-ip_advanced_firewall_manager | >= 15.1.0 < 15.1.3 | 15.1.3 |
| f5 | big-ip_advanced_firewall_manager | >= 16.0.0 < 16.0.1.1 | 16.0.1.1 |
| f5 | big-ip_advanced_waf | — | — |
| f5 | big-ip_advanced_web_application_firewall | >= 13.1.0 < 13.1.4 | 13.1.4 |
| f5 | big-ip_advanced_web_application_firewall | 14.1.0 – 14.1.4 | — |
| f5 | big-ip_advanced_web_application_firewall | >= 15.1.0 < 15.1.3 | 15.1.3 |
| f5 | big-ip_advanced_web_application_firewall | >= 16.0.0 < 16.0.1.1 | 16.0.1.1 |
| f5 | big-ip_afm | — | — |
| f5 | big-ip_analytics | — | — |
| f5 | big-ip_analytics | >= 13.1.0 < 13.1.4 | 13.1.4 |
| f5 | big-ip_analytics | >= 14.1.0 < 14.1.4 | 14.1.4 |
| f5 | big-ip_analytics | >= 15.1.0 < 15.1.3 | 15.1.3 |
| f5 | big-ip_analytics | >= 16.0.0 < 16.0.1.1 | 16.0.1.1 |
| f5 | big-ip_apm | — | — |
| f5 | big-ip_application_acceleration_manager | >= 13.1.0 < 13.1.4 | 13.1.4 |
| f5 | big-ip_application_acceleration_manager | >= 14.1.0 < 14.1.4 | 14.1.4 |
| f5 | big-ip_application_acceleration_manager | >= 15.1.0 < 15.1.3 | 15.1.3 |