VDB
CVE-2021-22990
CVE-2021-22990
PUBLISHED
CVSS 7.199999809265137 HIGH
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
EPSS 1.59% · 82.0th percentile
Risk Scores
CVSS v3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
1.59%
82.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| f5 | big-ip_advanced_web_application_firewall | 15.1.0, 12.1.0, 14.1.0 |
| f5 | big-ip_policy_enforcement_manager | 12.1.0, 16.0.0, 15.1.0 |
| n/a | BIG-IP Advanced WAF or BIG-IP ASM | 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, 11.6.x before 11.6.5.3 |
| f5 | big-ip_advanced_firewall_manager | 12.1.0, 14.1.0, 16.0.0 |
| f5 | big-ip_application_security_manager | 14.1.0, 11.6.1, 13.1.0 |
| f5 | big-ip_global_traffic_manager | 16.0.0, 12.1.0, 13.1.0 |
| f5 | big-ip_access_policy_manager | 14.1.0, 15.1.0, 11.6.1 |
| f5 | big-ip_ddos_hybrid_defender | 13.1.0, 15.1.0, 16.0.0 |
| f5 | big-ip_fraud_protection_service | 16.0.0, 15.1.0, 14.1.0 |
| f5 | big-ip_analytics | 14.1.0, 12.1.0, 15.1.0 |
| f5 | big-ip_application_acceleration_manager | 12.1.0, 11.6.1, 13.1.0 |
| f5 | big-ip_domain_name_system | 12.1.0, 13.1.0, 14.1.0 |
| f5 | big-ip_link_controller | 14.1.0, 15.1.0, 16.0.0 |
| f5 | big-ip_local_traffic_manager | 14.1.0, 15.1.0, 11.6.1 |
| f5 | ssl_orchestrator | 16.0.0, 15.1.0, 14.1.0 |
Timeline
- Mar 11, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Sep 23, 2021 PoC Published
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://support.f5.com/csp/article/K45056101 url
- https://support.f5.com/csp/article/K03009991 advisory
- https://support.f5.com/csp/article/K68251873 advisory
- https://support.f5.com/csp/article/K67830124 advisory
- https://support.f5.com/csp/article/K66851119 advisory
- https://support.f5.com/csp/article/K56715231 advisory
- https://support.f5.com/csp/article/K51674118 advisory
- https://support.f5.com/csp/article/K18132488 advisory
- https://support.f5.com/csp/article/K52510511 advisory
- https://support.f5.com/csp/article/K70031188 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-22990 advisory