CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
53.0%
BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the system. This issue only impacts specific engineering hotfixes using the aforementioned authentication configuration. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.3.0.79.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.97.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.99.6-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.15.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.36.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.40.5-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.11.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.14.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.68.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.70.9-ENG.iso, Hotfix-BIGIP-14.1.2.0.11.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.18.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.32.37-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.46.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.14.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.16.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.34.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.97.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.99.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.105.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.111.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.115.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.122.4-ENG.iso, Hotfix-BIGIP-15.0.1.0.33.11-ENG.iso, Hotfix-BIGIP-15.0.1.0.48.11-ENG.iso
Vendor | Product | Version | CPE |
---|---|---|---|
f5 | big-ip_link_controller | * | cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* |
f5 | big-ip_link_controller | 14.1.0.3.0.79.6-eng_hotfix | cpe:2.3:a:f5:big-ip_link_controller:14.1.0.3.0.79.6-eng_hotfix:*:*:*:*:*:*:* |
f5 | big-ip_link_controller | 14.1.0.3.0.97.6-eng_hotfix | cpe:2.3:a:f5:big-ip_link_controller:14.1.0.3.0.97.6-eng_hotfix:*:*:*:*:*:*:* |
f5 | big-ip_link_controller | 14.1.0.3.0.99.6-eng_hotfix | cpe:2.3:a:f5:big-ip_link_controller:14.1.0.3.0.99.6-eng_hotfix:*:*:*:*:*:*:* |
f5 | big-ip_link_controller | 14.1.0.5.0.15.5-eng_hotfix | cpe:2.3:a:f5:big-ip_link_controller:14.1.0.5.0.15.5-eng_hotfix:*:*:*:*:*:*:* |
f5 | big-ip_link_controller | 14.1.0.5.0.36.5-eng_hotfix | cpe:2.3:a:f5:big-ip_link_controller:14.1.0.5.0.36.5-eng_hotfix:*:*:*:*:*:*:* |
f5 | big-ip_link_controller | 14.1.0.5.0.40.5-eng_hotfix | cpe:2.3:a:f5:big-ip_link_controller:14.1.0.5.0.40.5-eng_hotfix:*:*:*:*:*:*:* |
f5 | big-ip_link_controller | 14.1.0.6.0.11.9-eng_hotfix | cpe:2.3:a:f5:big-ip_link_controller:14.1.0.6.0.11.9-eng_hotfix:*:*:*:*:*:*:* |
f5 | big-ip_link_controller | 14.1.0.6.0.14.9-eng_hotfix | cpe:2.3:a:f5:big-ip_link_controller:14.1.0.6.0.14.9-eng_hotfix:*:*:*:*:*:*:* |
f5 | big-ip_link_controller | 14.1.0.6.0.68.9-eng_hotfix | cpe:2.3:a:f5:big-ip_link_controller:14.1.0.6.0.68.9-eng_hotfix:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
53.0%