Lucene search
F5F5:K98606833HistoryFeb 14, 2024 - 12:00 a.m.
K98606833 : BIG-IP and BIG-IQ scp vulnerability CVE-2024-21782
2024-02-1400:00:00
my.f5.com
14
big-ip
big-iq
scp vulnerability
cve-2024-21782
arbitrary commands
dos
Security Advisory Description
BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced Shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. (CVE-2024-21782)
Impact
A local authenticated user can run arbitrary commands to gain access to restricted information, modify files, or cause a denial-of-service (DoS).
Related
nvd
nvd
CVE-2024-21782
2024-02-14 17:15:12
CVE-2020-5873
2020-04-30 21:15:16
prion
prion
Command injection
2024-02-14 17:15:00
Cross site request forgery (csrf)
2020-04-30 21:15:00
nessus
nessus
F5 Networks BIG-IP : BIG-IP and BIG-IQ scp vulnerability (K98606833)
2024-02-14 00:00:00
F5 Networks BIG-IP : F5 secure shell vulnerability (K03585731)
2020-04-30 00:00:00
cvelist
cvelist
CVE-2024-21782 BIG-IP and BIG-IQ secure copy vulnerability
2024-02-14 16:30:20
CVE-2020-5873
2020-04-30 20:21:54
cve
cve
CVE-2024-21782
2024-02-14 17:15:12
CVE-2020-5873
2020-04-30 21:15:16
f5
f5
K03585731 : F5 secure shell vulnerability CVE-2020-5873
2020-04-30 00:00:00
K000138353 : Quarterly Security Notification (February 2024)
2024-02-14 00:00:00