K36926027 : NGINX Controller vulnerability CVE-2021-23021

2021-05-2500:00:00

my.f5.com

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Security Advisory Description

The agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644. (CVE-2021-23021)

Impact

Local attackers are able to obtain the sensitive data, such as the API key.

CPENameOperatorVersion
f5 ssl orchestratoreq14.1.0
f5 ssl orchestratoreq15.1.0
f5 ssl orchestratoreq15.1.1
f5 ssl orchestratoreq16.0.0
big-ip afmeq11.6.1
big-ip afmeq11.6.2
big-ip afmeq11.6.3
big-ip afmeq11.6.4
big-ip afmeq11.6.5
big-ip afmeq12.1.0

Name	Operator	Version
f5 ssl orchestrator	eq	14.1.0
f5 ssl orchestrator	eq	15.1.0
f5 ssl orchestrator	eq	15.1.1
f5 ssl orchestrator	eq	16.0.0
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2
big-ip afm	eq	11.6.3
big-ip afm	eq	11.6.4
big-ip afm	eq	11.6.5
big-ip afm	eq	12.1.0

Rows per page:

1-10 of 2611