CVE-2021-22988

HIGH

BIG-IP <16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, 11.6.5.3 - ...

Title source: llm
STIX 2.1

Description

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K70031188

Scores

CVSS v3 8.8
EPSS 0.0206
EPSS Percentile 84.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (14)
f5/big-ip_access_policy_manager 11.6.1 - 11.6.5.3
f5/big-ip_advanced_firewall_manager 11.6.1 - 11.6.5.3
f5/big-ip_advanced_web_application_firewall 11.6.1 - 11.6.5.3
f5/big-ip_analytics 11.6.1 - 11.6.5.3
f5/big-ip_application_acceleration_manager 11.6.1 - 11.6.5.3
f5/big-ip_application_security_manager 11.6.1 - 11.6.5.3
f5/big-ip_ddos_hybrid_defender 11.6.1 - 11.6.5.3
f5/big-ip_domain_name_system 11.6.1 - 11.6.5.3
f5/big-ip_fraud_protection_service 11.6.1 - 11.6.5.3
f5/big-ip_global_traffic_manager 11.6.1 - 11.6.5.3
... and 4 more
Published Mar 31, 2021
Tracked Since Feb 18, 2026