Lucene search

[email protected]CVE-2021-22980

HistoryFeb 12, 2021 - 6:15 p.m.

CVE-2021-22980

2021-02-1218:15:00

CWE-426

[email protected]

web.nvd.nist.gov

cve

2021

22980

untrusted search path

big-ip

apm

client troubleshooting utility

ctu

windows

vulnerability

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

26.5%

JSON

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CPENameOperatorVersion
f5:big-ip_access_policy_managerf5 big-ip access policy managerle12.1.5
f5:big-ip_access_policy_managerf5 big-ip access policy managerle11.6.5
f5:big-ip_access_policy_managerf5 big-ip access policy managerlt16.0.1.1
f5:big-ip_access_policy_managerf5 big-ip access policy managerlt13.1.3.6
f5:access_policy_manager_clientsf5 access policy manager clientslt7.1.8.5
f5:access_policy_manager_clientsf5 access policy manager clientslt7.1.9.8
f5:access_policy_manager_clientsf5 access policy manager clientslt7.2.1.1
f5:big-ip_access_policy_managerf5 big-ip access policy managerle14.1.3
f5:big-ip_access_policy_managerf5 big-ip access policy managerle15.1.2

CPE	Name	Operator	Version
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	12.1.5
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	11.6.5
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	lt	16.0.1.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	lt	13.1.3.6
f5:access_policy_manager_clients	f5 access policy manager clients	lt	7.1.8.5
f5:access_policy_manager_clients	f5 access policy manager clients	lt	7.1.9.8
f5:access_policy_manager_clients	f5 access policy manager clients	lt	7.2.1.1
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	14.1.3
f5:big-ip_access_policy_manager	f5 big-ip access policy manager	le	15.1.2

References

support.f5.com/csp/article/K29282483

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

26.5%

JSON

Related for CVE-2021-22980

nessus1 prion1 f51