Lucene search
F5CVELIST:CVE-2021-22990HistoryMar 31, 2021 - 4:44 p.m.
CVE-2021-22990
2021-03-3116:44:38
f5
www.cve.org
5
big-ip
tmui
authenticated
remote command execution
EPSS
0.002
Percentile
52.5%
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
CNA Affected
[
{
"product": "BIG-IP Advanced WAF or BIG-IP ASM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, 11.6.x before 11.6.5.3"
}
]
}
]References
Related
nvd
nvd
CVE-2021-22990
2021-03-31 17:15:12
cve
cve
CVE-2021-22990
2021-03-31 17:15:12
prion
prion
Design/Logic Flaw
2021-03-31 17:15:00
nessus
nessus
f5
f5
K56142644 : Appliance mode Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22989
2021-03-10 00:00:00
K45056101 : Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22990
2021-03-10 00:00:00
K02566623 : Overview of F5 vulnerabilities (March 2021)
2021-03-10 00:00:00
seebug
seebug
rapid7blog
rapid7blog
threatpost
threatpost
F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs
2021-03-11 14:21:50