On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References
Link | Resource |
---|---|
https://support.f5.com/csp/article/K04234247 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: f5
Published: 2021-05-10T14:08:13
Updated: 2021-05-10T14:08:13
Reserved: 2021-01-06T00:00:00
Link: CVE-2021-23012
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-10T15:15:07.427
Modified: 2022-06-28T14:11:45.273
Link: CVE-2021-23012
JSON object: View
Redhat Information
No data.
CWE