Lucene search

CVE-2021-22974

🗓️ 12 Feb 2021 17:14:15Reported by f5Type

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 73 Views

CVE-2021-22974 On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 12
NVD	CVE-2021-22974	12 Feb 202117:15	–	nvd
NVD	CVE-2017-6167	21 Dec 201717:29	–	nvd
Cvelist	CVE-2021-22974	12 Feb 202116:23	–	cvelist
Cvelist	CVE-2017-6167	21 Dec 201717:00	–	cvelist
Prion	Race condition	12 Feb 202117:15	–	prion
Prion	Race condition	21 Dec 201717:29	–	prion
Tenable Nessus	F5 Networks BIG-IP : iControl REST vulnerability (K68652018)	11 Feb 202100:00	–	nessus
Tenable Nessus	F5 Networks BIG-IP : iControl REST vulnerability (K24465120)	2 Nov 201800:00	–	nessus
CNVD	BIG-IP Competitive Conditions Issue Vulnerability (CNVD-2021-13215)	25 Feb 202100:00	–	cnvd
F5 Networks	K68652018 : iControl REST vulnerability CVE-2021-22974	10 Feb 202100:00	–	f5

Nvd

Node

f5 big-ip_access_policy_managerRange13.1.0–13.1.3.6

f5 big-ip_access_policy_managerRange14.1.0–14.1.3.1

f5 big-ip_access_policy_managerRange15.1.0–15.1.2

f5 big-ip_access_policy_managerRange16.0.0–16.0.1.1

f5 big-ip_advanced_firewall_managerRange13.1.0–13.1.3.5

f5 big-ip_advanced_firewall_managerRange14.1.0–14.1.3.1

f5 big-ip_advanced_firewall_managerRange15.1.0–15.1.2

f5 big-ip_advanced_firewall_managerRange16.0.0–16.0.1.1

f5 big-ip_advanced_web_application_firewallRange13.1.0–13.1.3.6

f5 big-ip_advanced_web_application_firewallRange14.1.0–14.1.3.1

f5 big-ip_advanced_web_application_firewallRange15.1.0–15.1.2

f5 big-ip_advanced_web_application_firewallRange16.0.0–16.0.1.1

f5 big-ip_analyticsRange13.1.0–13.1.3.6

f5 big-ip_analyticsRange14.1.0–14.1.3.1

f5 big-ip_analyticsRange15.1.0–15.1.2

f5 big-ip_analyticsRange16.0.0–16.0.1.1

f5 big-ip_application_acceleration_managerRange13.1.0–13.1.3.6

f5 big-ip_application_acceleration_managerRange14.1.0–14.1.3.1

f5 big-ip_application_acceleration_managerRange15.1.0–15.1.2

f5 big-ip_application_acceleration_managerRange16.0.0–16.0.1.1

f5 big-ip_application_security_managerRange13.1.0–13.1.3.6

f5 big-ip_application_security_managerRange14.1.0–14.1.3.1

f5 big-ip_application_security_managerRange15.1.0–15.1.2

f5 big-ip_application_security_managerRange16.0.0–16.0.1.1

f5 big-ip_ddos_hybrid_defenderRange13.1.0–13.1.3.6

f5 big-ip_ddos_hybrid_defenderRange14.1.0–14.1.3.1

f5 big-ip_ddos_hybrid_defenderRange15.1.0–15.1.2

f5 big-ip_ddos_hybrid_defenderRange16.0.0–16.0.1.1

f5 big-ip_domain_name_systemRange13.1.0–13.1.3.6

f5 big-ip_domain_name_systemRange14.1.0–14.1.3.1

f5 big-ip_domain_name_systemRange15.1.0–15.1.2

f5 big-ip_domain_name_systemRange16.0.0–16.0.1.1

f5 big-ip_fraud_protection_serviceRange13.1.0–13.1.3.5

f5 big-ip_fraud_protection_serviceRange14.1.0–14.1.3.1

f5 big-ip_fraud_protection_serviceRange15.1.0–15.1.2

f5 big-ip_fraud_protection_serviceRange16.0.0–16.0.1.1

f5 big-ip_global_traffic_managerRange13.1.0–13.1.3.6

f5 big-ip_global_traffic_managerRange14.1.0–14.1.3.1

f5 big-ip_global_traffic_managerRange15.1.0–15.1.2

f5 big-ip_global_traffic_managerRange16.0.0–16.0.1.1

f5 big-ip_link_controllerRange13.1.0–13.1.3.6

f5 big-ip_link_controllerRange14.1.0–14.1.3.1

f5 big-ip_link_controllerRange15.1.0–15.1.2

f5 big-ip_link_controllerRange16.0.0–16.0.1.1

f5 big-ip_local_traffic_managerRange13.1.0–13.1.3.6

f5 big-ip_local_traffic_managerRange14.1.0–14.1.3.1

f5 big-ip_local_traffic_managerRange15.1.0–15.1.2

f5 big-ip_local_traffic_managerRange16.0.0–16.0.1.1

f5 big-ip_policy_enforcement_managerRange13.1.0–13.1.3.6

f5 big-ip_policy_enforcement_managerRange14.1.0–14.1.3.1

f5 big-ip_policy_enforcement_managerRange15.1.0–15.1.2

f5 big-ip_policy_enforcement_managerRange16.0.0–16.0.1.1

f5 big-ip_ssl_orchestratorRange13.1.0–13.1.3.6

f5 big-ip_ssl_orchestratorRange14.1.0–14.1.3.1

f5 big-ip_ssl_orchestratorRange15.1.0–15.1.2

f5 big-ip_ssl_orchestratorRange16.0.0–16.0.1.1

f5 big-iq_centralized_managementRange6.0.0–6.1.0

f5 big-iq_centralized_managementRange7.0.0–7.1.0

[
  {
    "product": "BIG-IP, BIG-IQ",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x"
      }
    ]
  }
]

Source	Link
support	www.support.f5.com/csp/article/K68652018

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

12 Feb 2021 17:15Current

7.6High risk

Vulners AI Score7.6

CVSS26

CVSS37.5

EPSS0.00329

CWE-362