Race condition

2021-02-1217:15:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.1%

JSON

On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6 and all versions of BIG-IQ 7.x and 6.x, an authenticated attacker with access to iControl REST over the control plane may be able to take advantage of a race condition to execute commands with an elevated privilege level. This vulnerability is due to an incomplete fix for CVE-2017-6167. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CPENameOperatorVersion
big-ip_access_policy_managerge14.1.0
big-ip_access_policy_managerlt14.1.3.1
big-ip_access_policy_managerge16.0.0
big-ip_access_policy_managerlt16.0.1.1
big-ip_access_policy_managerge15.1.0
big-ip_access_policy_managerlt15.1.2
big-ip_access_policy_managerge13.1.0
big-ip_access_policy_managerlt13.1.3.6
big-ip_advanced_firewall_managerge13.1.0
big-ip_advanced_firewall_managerlt13.1.3.5

Name	Operator	Version
big-ip_access_policy_manager	ge	14.1.0
big-ip_access_policy_manager	lt	14.1.3.1
big-ip_access_policy_manager	ge	16.0.0
big-ip_access_policy_manager	lt	16.0.1.1
big-ip_access_policy_manager	ge	15.1.0
big-ip_access_policy_manager	lt	15.1.2
big-ip_access_policy_manager	ge	13.1.0
big-ip_access_policy_manager	lt	13.1.3.6
big-ip_advanced_firewall_manager	ge	13.1.0
big-ip_advanced_firewall_manager	lt	13.1.3.5