CVE-2021-23024 - OpenCVE

On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
F5	Big-iq Centralized Management

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-iq_centralized_management::::::::
	cpe:2.3:a:f5:big-iq_centralized_management::::::::
	cpe:2.3:a:f5:big-iq_centralized_management::::::::

References

Link	Resource
http://packetstormsecurity.com/files/163264/F5-BIG-IQ-VE-8.0.0-2923215-Remote-Root.html	Exploit Third Party Advisory VDB Entry
https://support.f5.com/csp/article/K06024431	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: f5

Published: 2021-06-10T14:35:08

Updated: 2021-06-23T17:06:26

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-23024

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-10T15:15:09.150

Modified: 2021-09-20T13:50:32.627

Link: CVE-2021-23024

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "BIG-IQ", "vendor": "n/a", "versions": [{"status": "affected", "version": "8.0.x before 8.0.0.1, and all 6.x and 7.x versions"}]}], "descriptions": [{"lang": "en", "value": "On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}], "problemTypes": [{"descriptions": [{"description": "remote command execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-23T17:06:26", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.f5.com/csp/article/K06024431"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/163264/F5-BIG-IQ-VE-8.0.0-2923215-Remote-Root.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "ID": "CVE-2021-23024", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIG-IQ", "version": {"version_data": [{"version_value": "8.0.x before 8.0.0.1, and all 6.x and 7.x versions"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "remote command execution"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K06024431", "refsource": "MISC", "url": "https://support.f5.com/csp/article/K06024431"}, {"name": "http://packetstormsecurity.com/files/163264/F5-BIG-IQ-VE-8.0.0-2923215-Remote-Root.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163264/F5-BIG-IQ-VE-8.0.0-2923215-Remote-Root.html"}]}}}}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2021-23024", "datePublished": "2021-06-10T14:35:08", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2021-06-23T17:06:26", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "F37D18F2-8C6A-4557-85DC-2A751595423C", "versionEndIncluding": "6.1.0", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "C88B0206-093A-4A18-8322-A1CD1D4ACF2A", "versionEndIncluding": "7.1.0", "versionStartIncluding": "7.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F777C94-652D-4F71-8E29-0CDDA298F1BC", "versionEndExcluding": "8.0.0.1", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "On version 8.0.x before 8.0.0.1, and all 6.x and 7.x versions, the BIG-IQ Configuration utility has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}, {"lang": "es", "value": "En la versi\u00f3n 8.0.x anterior a 8.0.0.1, y en todas las versiones 6.x y 7.x, la utilidad BIG-IQ Configuration tiene una vulnerabilidad de ejecuci\u00f3n de comandos remotos autenticados en p\u00e1ginas no reveladas. Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no se eval\u00faan"}], "id": "CVE-2021-23024", "lastModified": "2021-09-20T13:50:32.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-10T15:15:09.150", "references": [{"source": "f5sirt@f5.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/163264/F5-BIG-IQ-VE-8.0.0-2923215-Remote-Root.html"}, {"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K06024431"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}