CVSS3: 8.4 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.971 High
Percentile: 99.7%
Vulnerability Recommended Actions
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
BIG-IP/BIG-IQ/Enterprise Manager
To mitigate this vulnerability, you can disable the vulnerable ImageMagick coders in the global policy file /etc/ImageMagick/policy.xml. To do so, perform the following procedure:
Impact of action: Performing the following procedure should not have a negative impact on your system.
cp -p /etc/ImageMagick/policy.xml /var/tmp/policy.xml.sol10550253
<policymap>
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
</policymap>
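The following check is an added example, not part of the F5 procedure: it parses the text of a policy.xml and confirms that the coder named above is actually denied, catching two ways the edit can silently fail (typographic quotes pasted from a web page, and a rule left inside an XML comment). The function names and the sample policies are constructed for illustration; the default `required` list holds only the pattern shown on this page.

```python
import xml.etree.ElementTree as ET

# Typographic quotes that make attribute values unparseable when pasted.
SMART_QUOTES = "\u201c\u201d\u2018\u2019"

def denied_coders(policy_xml):
    """Return the coder patterns that carry rights="none" in the policy text."""
    root = ET.fromstring(policy_xml)
    denied = set()
    for policy in root.iter("policy"):
        # Exact matching on purpose: a stricter check gives a false alarm,
        # never false assurance. Glob patterns are not expanded here.
        if policy.get("domain") == "coder" and policy.get("rights") == "none":
            denied.add(policy.get("pattern", ""))
    return denied

def check_policy(policy_xml, required=("EPHEMERAL",)):
    """Return (ok, problems) for the given policy.xml text."""
    problems = []
    if any(q in policy_xml for q in SMART_QUOTES):
        problems.append("typographic quotes found; retype them as plain ASCII quotes")
    try:
        denied = denied_coders(policy_xml)
    except ET.ParseError as exc:
        problems.append(f"policy.xml is not well-formed XML: {exc}")
        return False, problems
    for pattern in required:
        if pattern not in denied:
            problems.append(f"coder {pattern} is not disabled")
    return not problems, problems

# Constructed sample inputs (not taken from a real system).
GOOD = ('<policymap>\n'
        '  <policy domain="coder" rights="none" pattern="EPHEMERAL" />\n'
        '</policymap>')
PASTED = GOOD.replace('"', "\u201d")            # quotes mangled by copy and paste
COMMENTED = GOOD.replace("<policy ", "<!-- <policy ").replace(" />", " /> -->")

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("pasted", PASTED), ("commented", COMMENTED)):
        ok, problems = check_policy(text)
        print(name, "OK" if ok else "FAIL", problems)
```

On a live system, pass the contents of /etc/ImageMagick/policy.xml to `check_policy` after editing, and keep the backup copy until the check reports no problems.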
Supplemental Information
Note: For information about how to locate F5 product guides, refer to SOL12453464: Finding product documentation on AskF5.
support.f5.com/kb/en-us/solutions/public/4000/600/sol4602.html
support.f5.com/kb/en-us/solutions/public/4000/900/sol4918.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9957.html
support.f5.com/kb/en-us/solutions/public/9000/900/sol9970.html
support.f5.com/kb/en-us/solutions/public/k/03/sol03151140.html
support.f5.com/kb/en-us/solutions/public/k/12/sol12453464.html
support.f5.com/kb/en-us/solutions/public/k/25/sol25102203.html
support.f5.com/kb/en-us/solutions/public/k/29/sol29154575.html
support.f5.com/kb/en-us/solutions/public/k/61/sol61974123.html