VDB

CVE-2021-22988

CVE-2021-22988 PUBLISHED CVSS 8.800000190734863 HIGH

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

EPSS 2.06% · 84.2th percentile

Risk Scores

CVSS v3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
2.06%
84.2th percentile

Affected Products

VendorProductVersions
f5big-ip_access_policy_manager14.1.0, 16.0.0, 15.1.0
f5big-ip_application_security_manager12.1.0, 16.0.0, 15.1.0
f5big-ip_fraud_protection_service16.0.0, 14.1.0, 15.1.0
f5big-ip_policy_enforcement_manager16.0.0, 11.6.1, 12.1.0
f5big-ip_global_traffic_manager13.1.0, 11.6.1, 12.1.0
f5big-ip_application_acceleration_manager13.1.0, 12.1.0, 11.6.1
n/aBIG-IP*
f5big-ip_advanced_firewall_manager16.0.0, 11.6.1, 14.1.0
f5big-ip_analytics15.1.0, 16.0.0, 14.1.0
f5big-ip_ddos_hybrid_defender14.1.0, 12.1.0, 16.0.0
f5big-ip_link_controller14.1.0, 12.1.0, 13.1.0
f5big-ip_domain_name_system12.1.0, 13.1.0, 11.6.1
f5big-ip_local_traffic_manager12.1.0, 11.6.1, 16.0.0
f5big-ip_advanced_web_application_firewall11.6.1, 12.1.0, 13.1.0
f5ssl_orchestrator11.6.1, 13.1.0, 14.1.0

Timeline

  • Mar 31, 2021 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 22, 2021 EPSS Score
  • Sep 23, 2021 PoC Published
  • Oct 25, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 2, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›