When running in Appliance mode with Advanced WAF or ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. (CVE-2021-22989)
Note: For systems not running in Appliance mode, refer to K45056101: Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22990.
Impact
This vulnerability allows highly privileged authenticated users with the roles Administrator, Resource Administrator, or Application Security Administrator with network access to the Configuration utility, through the BIG-IP management port or self IP addresses, to execute arbitrary system commands, create or delete files, or disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise and breakout of Appliance mode. Appliance mode is enforced by a specific license or may be enabled or disabled for individual vCMP guest instances. For information on Appliance mode, refer to K12815: Overview of Appliance mode.
Note: If you believe your system may have been compromised, refer to K11438344: Considerations and guidance when you suspect a security compromise on a BIG-IP system.