CVE-2021-22987
CRITICALBIG-IP <16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, 11.6.5.3 - ...
Title source: llmDescription
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K18132488
Scores
CVSS v3
9.9
EPSS
0.0153
EPSS Percentile
81.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
Status
published
Products (14)
f5/big-ip_access_policy_manager
11.6.1 - 11.6.5.3
f5/big-ip_advanced_firewall_manager
11.6.1 - 11.6.5.3
f5/big-ip_advanced_web_application_firewall
11.6.1 - 11.6.5.3
f5/big-ip_analytics
11.6.1 - 11.6.5.3
f5/big-ip_application_acceleration_manager
11.6.1 - 11.6.5.3
f5/big-ip_application_security_manager
11.6.1 - 11.6.5.3
f5/big-ip_ddos_hybrid_defender
11.6.1 - 11.6.5.3
f5/big-ip_domain_name_system
11.6.1 - 11.6.5.3
f5/big-ip_fraud_protection_service
11.6.1 - 11.6.5.3
f5/big-ip_global_traffic_manager
11.6.1 - 11.6.5.3
... and 4 more
Published
Mar 31, 2021
Tracked Since
Feb 18, 2026