Unrated severityNVD Advisory· Published May 10, 2021· Updated Aug 3, 2024
CVE-2021-23012
CVE-2021-23012
Description
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected products
2- F5/BIG-IPdescription
Patches
Vulnerability mechanics
References
1- support.f5.com/csp/article/K04234247mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.