Authentication flaw

2022-05-0517:15:00

PRIOn knowledge base

www.prio-n.com

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.6%

JSON

On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CPENameOperatorVersion
big-ip_access_policy_managerge12.1.0
big-ip_access_policy_managerle12.1.6
big-ip_access_policy_managerge16.1.0
big-ip_access_policy_managerlt16.1.2.2
big-ip_access_policy_managerge15.1.0
big-ip_access_policy_managerlt15.1.5.1
big-ip_access_policy_managerge14.1.0
big-ip_access_policy_managerlt14.1.4.6
big-ip_access_policy_managerge13.1.0
big-ip_access_policy_managerlt13.1.5

Name	Operator	Version
big-ip_access_policy_manager	ge	12.1.0
big-ip_access_policy_manager	le	12.1.6
big-ip_access_policy_manager	ge	16.1.0
big-ip_access_policy_manager	lt	16.1.2.2
big-ip_access_policy_manager	ge	15.1.0
big-ip_access_policy_manager	lt	15.1.5.1
big-ip_access_policy_manager	ge	14.1.0
big-ip_access_policy_manager	lt	14.1.4.6
big-ip_access_policy_manager	ge	13.1.0
big-ip_access_policy_manager	lt	13.1.5