VYPR
Unrated severityNVD Advisory· Published Feb 14, 2024· Updated May 12, 2025

BIG-IP and BIG-IQ secure copy vulnerability

CVE-2024-21782

Description

BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected products

3
  • F5, Inc./Big IPllm-fuzzy3 versions
    (expand)+ 2 more
    • (no CPE)
    • (no CPE)range: 17.1.0
    • (no CPE)range: 8.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.