VDB
CVE-2021-22987
CVE-2021-22987
PUBLISHED
CVSS 9.899999618530273 CRITICAL
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
EPSS 1.53% · 81.7th percentile
Risk Scores
CVSS 3.1
9.899999618530273
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
1.53%
81.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| f5 | big-ip_advanced_web_application_firewall | 16.0.0, 11.6.1, 12.1.0 |
| f5 | big-ip_fraud_protection_service | 11.6.1, 16.0.0, 15.1.0 |
| f5 | big-ip_link_controller | 13.1.0, 11.6.1, 16.0.0 |
| f5 | big-ip_global_traffic_manager | 15.1.0, 11.6.1, 12.1.0 |
| f5 | big-ip_access_policy_manager | 14.1.0, 16.0.0, 12.1.0 |
| n/a | BIG-IP Appliance Mode | 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, 11.6.x before 11.6.5.3 |
| f5 | big-ip_application_security_manager | 11.6.1, 12.1.0, 15.1.0 |
| f5 | big-ip_domain_name_system | 15.1.0, 12.1.0, 11.6.1 |
| f5 | ssl_orchestrator | 15.1.0, 12.1.0, 13.1.0 |
| f5 | big-ip_ddos_hybrid_defender | 11.6.1, 12.1.0, 16.0.0 |
| f5 | big-ip_analytics | 14.1.0, 12.1.0, 13.1.0 |
| f5 | big-ip_advanced_firewall_manager | 14.1.0, 16.0.0, 15.1.0 |
| f5 | big-ip_local_traffic_manager | 15.1.0, 12.1.0, 13.1.0 |
| f5 | big-ip_policy_enforcement_manager | 13.1.0, 12.1.0, 14.1.0 |
| f5 | big-ip_application_acceleration_manager | 11.6.1, 12.1.0, 13.1.0 |
Exploit Intelligence
- CIRCL seen: CVE-2021-22987 (circl-sighting)
- CIRCL seen: CVE-2021-22987 (circl-sighting)
- CIRCL seen: CVE-2021-22987 (circl-sighting)
- CIRCL seen: CVE-2021-22987 (circl-sighting)
- https://support.f5.com/csp/article/K18132488 (circl)
- exploit_f5_bigip_cve_2021_22986_log.yar (github-yara)
- exploit_f5_bigip_cve_2021_22986_log.yar (github-yara)
- exploit_f5_bigip_cve_2021_22986_log.yar (github-yara)
- exploit_f5_bigip_cve_2021_22986_log.yar (github-yara)
- LOG_F5_BIGIP_Exploitation_Artefacts_CVE_2021_22986_Mar21_1.yar (github-yara)
…and 47 more exploits
Timeline
- Mar 11, 2021 CVE Published
- Mar 11, 2021 PoC Published
- Mar 12, 2021 PoC Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Sep 23, 2021 PoC Published
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
References
- https://support.f5.com/csp/article/K03009991 advisory
- https://support.f5.com/csp/article/K68251873 advisory
- https://support.f5.com/csp/article/K67830124 advisory
- https://support.f5.com/csp/article/K66851119 advisory
- https://support.f5.com/csp/article/K56715231 advisory
- https://support.f5.com/csp/article/K51674118 advisory
- https://support.f5.com/csp/article/K18132488 advisory
- https://support.f5.com/csp/article/K45056101 advisory
- https://support.f5.com/csp/article/K52510511 advisory
- https://support.f5.com/csp/article/K70031188 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-22987 advisory