Vulnetix
Try Vulnetix Request Demo
CVE-2021-22987 PUBLISHED CVSS 9.899999618530273 CRITICAL

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

EPSS 1.77% · 82.5th percentile

Risk Scores

CVSS v3.1
9.899999618530273
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
1.77%
82.5th percentile

Affected Products

VendorProductVersions
f5big-ip_advanced_web_application_firewall16.0.0, 11.6.1, 12.1.0
f5big-ip_fraud_protection_service11.6.1, 12.1.0, 16.0.0
f5big-ip_link_controller12.1.0, 11.6.1, 16.0.0
f5big-ip_global_traffic_manager13.1.0, 11.6.1, 16.0.0
f5big-ip_access_policy_manager15.1.0, 11.6.1, 12.1.0
n/aBIG-IP Appliance Mode16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, 11.6.x before 11.6.5.3
f5big-ip_application_security_manager11.6.1, 12.1.0, 13.1.0
f5big-ip_domain_name_system11.6.1, 16.0.0, 15.1.0
f5ssl_orchestrator16.0.0, 11.6.1, 12.1.0
f5big-ip_ddos_hybrid_defender11.6.1, 16.0.0, 15.1.0
f5big-ip_analytics11.6.1, 16.0.0, 15.1.0
f5big-ip_advanced_firewall_manager12.1.0, 16.0.0, 15.1.0
f5big-ip_local_traffic_manager11.6.1, 12.1.0, 13.1.0
f5big-ip_policy_enforcement_manager11.6.1, 12.1.0, 13.1.0
f5big-ip_application_acceleration_manager12.1.0, 16.0.0, 15.1.0

Timeline

References

Open in Interactive Console →