Code injection

2019-03-1322:29:00

PRIOn knowledge base

www.prio-n.com

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

JSON

In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.1-11.6.3.2, or 11.5.1-11.5.8 or Enterprise Manager 3.1.1, malformed requests to the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, may lead to disruption of TMUI services. This attack requires an authenticated user with any role (other than the No Access role). The No Access user role cannot login and does not have the access level to perform the attack.

CPENameOperatorVersion
big-ip_access_policy_managerge13.0.0
big-ip_access_policy_managerle13.1.0.7
big-ip_access_policy_managerge12.1.0
big-ip_access_policy_managerle12.1.3.5
big-ip_access_policy_managerge14.0.0
big-ip_access_policy_managerle14.0.0.2
big-ip_access_policy_managerge11.5.1
big-ip_access_policy_managerle11.5.8
big-ip_access_policy_managerge11.6.1
big-ip_access_policy_managerle11.6.3.2

Name	Operator	Version
big-ip_access_policy_manager	ge	13.0.0
big-ip_access_policy_manager	le	13.1.0.7
big-ip_access_policy_manager	ge	12.1.0
big-ip_access_policy_manager	le	12.1.3.5
big-ip_access_policy_manager	ge	14.0.0
big-ip_access_policy_manager	le	14.0.0.2
big-ip_access_policy_manager	ge	11.5.1
big-ip_access_policy_manager	le	11.5.8
big-ip_access_policy_manager	ge	11.6.1
big-ip_access_policy_manager	le	11.6.3.2