Design/Logic Flaw

2023-10-2621:15:00

PRIOn knowledge base

www.prio-n.com

configuration flaw

authentication bypass

network access

arbitrary commands

end of support

9.5 High

AI Score

Confidence

High

0.972 High

EPSS

Percentile

99.8%

JSON

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CPENameOperatorVersion
big-ip_access_policy_managerge13.1.0
big-ip_access_policy_managerle13.1.5
big-ip_access_policy_managerge14.1.0
big-ip_access_policy_managerle14.1.5
big-ip_access_policy_managerge15.1.0
big-ip_access_policy_managerle15.1.10
big-ip_access_policy_managerge16.1.0
big-ip_access_policy_managerle16.1.4
big-ip_access_policy_managerge17.1.0
big-ip_access_policy_managerle17.1.1

Name	Operator	Version
big-ip_access_policy_manager	ge	13.1.0
big-ip_access_policy_manager	le	13.1.5
big-ip_access_policy_manager	ge	14.1.0
big-ip_access_policy_manager	le	14.1.5
big-ip_access_policy_manager	ge	15.1.0
big-ip_access_policy_manager	le	15.1.10
big-ip_access_policy_manager	ge	16.1.0
big-ip_access_policy_manager	le	16.1.4
big-ip_access_policy_manager	ge	17.1.0
big-ip_access_policy_manager	le	17.1.1