Sunday, March 14, 2021

F5 Networks: K18132488 (CVE-2021-22987): Appliance mode TMUI authenticated remote command execution vulnerability

Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.From K18132488:This vulnerability allows authenticated users with network access to the Configuration utility, through the BIG-IP management port, or self IP addresses, to execute arbitrary system commands, create or delete files, or disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise and breakout of Appliance mode. Appliance mode is enforced by a specific license or may be enabled or disabled for individual vCMP guest instances. For information on Appliance mode, refer to: K12815: Overview of Appliance mode. 
Solution(s)
  • f5-big-ip-upgrade-latest


  • References
  • https://support.f5.com/csp/article/K02566623
  • https://support.f5.com/csp/article/K18132488
  • CVE-2021-22987




  •  

    Copyright © 2020 Cyber Details - Vulnerability Database™

    Thanks for everything Templateism - You should have written the code a little more complicated