Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-22990
HistoryMar 31, 2021 - 5:15 p.m.

CVE-2021-22990

2021-03-3117:15:12
[email protected]
web.nvd.nist.gov
5
big-ip
remote command execution
tmui

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.5%

JSON

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Affected configurations

Nvd
Node
f5big-ip_access_policy_managerRange11.6.111.6.5.3
OR
f5big-ip_access_policy_managerRange12.1.012.1.5.3
OR
f5big-ip_access_policy_managerRange13.1.013.1.3.6
OR
f5big-ip_access_policy_managerRange14.1.014.1.4
OR
f5big-ip_access_policy_managerRange15.1.015.1.2.1
OR
f5big-ip_access_policy_managerRange16.0.016.0.1.1
OR
f5big-ip_advanced_firewall_managerRange11.6.111.6.5.3
OR
f5big-ip_advanced_firewall_managerRange12.1.012.1.5.3
OR
f5big-ip_advanced_firewall_managerRange13.1.013.1.3.6
OR
f5big-ip_advanced_firewall_managerRange14.1.014.1.4
OR
f5big-ip_advanced_firewall_managerRange15.1.015.1.2.1
OR
f5big-ip_advanced_firewall_managerRange16.0.016.0.1.1
OR
f5big-ip_advanced_web_application_firewallRange11.6.111.6.5.3
OR
f5big-ip_advanced_web_application_firewallRange12.1.012.1.5.3
OR
f5big-ip_advanced_web_application_firewallRange13.1.013.1.3.6
OR
f5big-ip_advanced_web_application_firewallRange14.1.014.1.4
OR
f5big-ip_advanced_web_application_firewallRange15.1.015.1.2.1
OR
f5big-ip_advanced_web_application_firewallRange16.0.016.0.1.1
OR
f5big-ip_analyticsRange11.6.111.6.5.3
OR
f5big-ip_analyticsRange12.1.012.1.5.3
OR
f5big-ip_analyticsRange13.1.013.1.3.6
OR
f5big-ip_analyticsRange14.1.014.1.4
OR
f5big-ip_analyticsRange15.1.015.1.2.1
OR
f5big-ip_analyticsRange16.0.016.0.1.1
OR
f5big-ip_application_acceleration_managerRange11.6.111.6.5.3
OR
f5big-ip_application_acceleration_managerRange12.1.012.1.5.3
OR
f5big-ip_application_acceleration_managerRange13.1.013.1.3.6
OR
f5big-ip_application_acceleration_managerRange14.1.014.1.4
OR
f5big-ip_application_acceleration_managerRange15.1.015.1.2.1
OR
f5big-ip_application_acceleration_managerRange16.0.016.0.1.1
OR
f5big-ip_application_security_managerRange11.6.111.6.5.3
OR
f5big-ip_application_security_managerRange12.1.012.1.5.3
OR
f5big-ip_application_security_managerRange13.1.013.1.3.6
OR
f5big-ip_application_security_managerRange14.1.014.1.4
OR
f5big-ip_application_security_managerRange15.1.015.1.2.1
OR
f5big-ip_application_security_managerRange16.0.016.0.1.1
OR
f5big-ip_ddos_hybrid_defenderRange11.6.111.6.5.3
OR
f5big-ip_ddos_hybrid_defenderRange12.1.012.1.5.3
OR
f5big-ip_ddos_hybrid_defenderRange13.1.013.1.3.6
OR
f5big-ip_ddos_hybrid_defenderRange14.1.014.1.4
OR
f5big-ip_ddos_hybrid_defenderRange15.1.015.1.2.1
OR
f5big-ip_ddos_hybrid_defenderRange16.0.016.0.1.1
OR
f5big-ip_domain_name_systemRange11.6.111.6.5.3
OR
f5big-ip_domain_name_systemRange12.1.012.1.5.3
OR
f5big-ip_domain_name_systemRange13.1.013.1.3.6
OR
f5big-ip_domain_name_systemRange14.1.014.1.4
OR
f5big-ip_domain_name_systemRange15.1.015.1.2.1
OR
f5big-ip_domain_name_systemRange16.0.016.0.1.1
OR
f5big-ip_fraud_protection_serviceRange11.6.111.6.5.3
OR
f5big-ip_fraud_protection_serviceRange12.1.012.1.5.3
OR
f5big-ip_fraud_protection_serviceRange13.1.013.1.3.6
OR
f5big-ip_fraud_protection_serviceRange14.1.014.1.4
OR
f5big-ip_fraud_protection_serviceRange15.1.015.1.2.1
OR
f5big-ip_fraud_protection_serviceRange16.0.016.0.1.1
OR
f5big-ip_global_traffic_managerRange11.6.111.6.5.3
OR
f5big-ip_global_traffic_managerRange12.1.012.1.5.3
OR
f5big-ip_global_traffic_managerRange13.1.013.1.3.6
OR
f5big-ip_global_traffic_managerRange14.1.014.1.4
OR
f5big-ip_global_traffic_managerRange15.1.015.1.2.1
OR
f5big-ip_global_traffic_managerRange16.0.016.0.1.1
OR
f5big-ip_link_controllerRange11.6.111.6.5.3
OR
f5big-ip_link_controllerRange12.1.012.1.5.3
OR
f5big-ip_link_controllerRange13.1.013.1.3.6
OR
f5big-ip_link_controllerRange14.1.014.1.4
OR
f5big-ip_link_controllerRange15.1.015.1.2.1
OR
f5big-ip_link_controllerRange16.0.016.0.1.1
OR
f5big-ip_local_traffic_managerRange11.6.111.6.5.3
OR
f5big-ip_local_traffic_managerRange12.1.012.1.5.3
OR
f5big-ip_local_traffic_managerRange13.1.013.1.3.6
OR
f5big-ip_local_traffic_managerRange14.1.014.1.4
OR
f5big-ip_local_traffic_managerRange15.1.015.1.2.1
OR
f5big-ip_local_traffic_managerRange16.0.016.0.1.1
OR
f5big-ip_policy_enforcement_managerRange11.6.111.6.5.3
OR
f5big-ip_policy_enforcement_managerRange12.1.012.1.5.3
OR
f5big-ip_policy_enforcement_managerRange13.1.013.1.3.6
OR
f5big-ip_policy_enforcement_managerRange14.1.014.1.4
OR
f5big-ip_policy_enforcement_managerRange15.1.015.1.2.1
OR
f5big-ip_policy_enforcement_managerRange16.0.016.0.1.1
OR
f5ssl_orchestratorRange11.6.111.6.5.3
OR
f5ssl_orchestratorRange12.1.012.1.5.3
OR
f5ssl_orchestratorRange13.1.013.1.3.6
OR
f5ssl_orchestratorRange14.1.014.1.4
OR
f5ssl_orchestratorRange15.1.015.1.2.1
OR
f5ssl_orchestratorRange16.0.016.0.1.1
VendorProductVersionCPE
f5big-ip_access_policy_manager*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager*cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
f5big-ip_advanced_web_application_firewall*cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
f5big-ip_analytics*cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
f5big-ip_application_acceleration_manager*cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
f5big-ip_application_security_manager*cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
f5big-ip_ddos_hybrid_defender*cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
f5big-ip_domain_name_system*cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
f5big-ip_fraud_protection_service*cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
f5big-ip_global_traffic_manager*cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*
Rows per page:
1-10 of 141

Related

cve 1
prion 1
nessus 1
cvelist 1
f5 3
seebug 1
rapid7blog 1
threatpost 1
cve
cve
CVE-2021-22990
2021-03-31 17:15:12
prion
prion
Design/Logic Flaw
2021-03-31 17:15:00
nessus
nessus
F5 Networks BIG-IP : Advanced WAF/ASM TMUI authenticated remote command execution vulnerability (K45056101)
2021-03-10 00:00:00
cvelist
cvelist
CVE-2021-22990
2021-03-31 16:44:38
f5
f5
K56142644 : Appliance mode Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22989
2021-03-10 00:00:00
K45056101 : Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22990
2021-03-10 00:00:00
K02566623 : Overview of F5 vulnerabilities (March 2021)
2021-03-10 00:00:00
seebug
seebug
F5 Networks 多个漏洞(CVE-2021-22986、CVE-2021-22987、CVE-2021-22988、CVE-2021-22989、CVE-2021-22990、CVE-2021-22991、CVE-2021-22992)
2021-03-12 00:00:00
rapid7blog
rapid7blog
F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems
2021-03-18 20:19:22
threatpost
threatpost
F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs
2021-03-11 14:21:50

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

52.5%

JSON
Related for NVD:CVE-2021-22990
cve1prion1nessus1cvelist1f53seebug1rapid7blog1threatpost1