CVE-2021-23015
Published May 10, 2021
Last updated 3 years ago
Overview
- Description
- On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- Source
- f5sirt@f5.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-863
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F975B09-678D-49A3-9BCE-C4F3BF45B0BB",
"versionEndExcluding": "13.1.4",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB553A20-D521-4A32-AD49-8FFD5A95E684",
"versionEndExcluding": "14.1.4",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F04F2FB-12C2-4BC4-AFBB-9DA82E53D7EF",
"versionEndExcluding": "15.1.3",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7706F70-BF89-480E-9AA6-3FE447375138",
"versionEndExcluding": "16.0.1.1",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A3D475E-7F63-4635-A5E4-83141D483E42",
"versionEndExcluding": "13.1.4",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD3FC6D2-5816-47C0-81AE-DED62570F090",
"versionEndExcluding": "14.1.4",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FA17368C-7B1F-4B73-8296-3FC2656C0F04",
"versionEndExcluding": "15.1.3",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0A84A8D4-9047-46D2-9C26-03C977D47AE4",
"versionEndExcluding": "16.0.1.1",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5360871B-4642-4FD5-A63E-5B70B7FD7F5F",
"versionEndExcluding": "13.1.4",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2A1BB14-BEB5-43DD-878D-83E51FBFD4E0",
"versionEndIncluding": "14.1.4",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "55E9A0EB-8118-400B-B901-80A8AAFC212F",
"versionEndExcluding": "15.1.3",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6B9117DA-6AA9-4704-A092-B1D426E6370D",
"versionEndExcluding": "16.0.1.1",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B4FC017-1567-4D02-A594-7F46090C5828",
"versionEndExcluding": "13.1.4",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2442894-A473-49A5-95B6-6312C3407FE6",
"versionEndExcluding": "14.1.4",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3EC583B6-59E2-431B-A574-0A700F5713A6",
"versionEndExcluding": "15.1.3",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AE6833C-FF7C-4249-BF98-453645EEF8D9",
"versionEndExcluding": "16.0.1.1",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7816C2AB-A2E1-467B-A865-ED4E5AE6268A",
"versionEndExcluding": "13.1.4",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78F5DCAD-BE4E-4D57-82CD-ADAB32691A9E",
"versionEndExcluding": "14.1.4",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06D8F5CC-FD05-42EA-A3F2-49BB4A5009F3",
"versionEndExcluding": "15.1.3",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51E3E0A3-8A75-43F8-8E8A-0C07345B88FD",
"versionEndExcluding": "16.0.1.1",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75799571-1EF3-49A1-875D-0E97986BF9D3",
"versionEndExcluding": "13.1.4",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B318D4F-0D42-46CD-A5A9-02337BB1D2F2",
"versionEndExcluding": "14.1.4",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23CFD951-1C6F-4EE5-B8AA-06F29744F082",
"versionEndExcluding": "15.1.3",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7BB77EFF-A064-4475-A93C-5D5BA9313724",
"versionEndExcluding": "16.0.1.1",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "44513347-AC7C-4F28-85FC-3808C8F2446D",
"versionEndExcluding": "13.1.4",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE2899E6-ABEF-4B61-AB8D-AF060D571196",
"versionEndExcluding": "14.1.4",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92C9E947-BEF9-44CF-B129-D2BC0ECD5588",
"versionEndExcluding": "15.1.3",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40239D12-142E-4D36-A89E-0F7AB91B665A",
"versionEndExcluding": "16.0.1.1",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70C8C72D-B266-4BAD-A3E8-A9BE508D07A1",
"versionEndExcluding": "13.1.4",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7C6025C-7283-4568-929B-CFA11423E179",
"versionEndExcluding": "14.1.4",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2E2832C-0C5D-4051-A85B-162C5BF11DEE",
"versionEndExcluding": "15.1.3",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87CA1319-92D4-4C2F-B5D4-A2E86F538007",
"versionEndExcluding": "16.0.1.1",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8700A87A-30F8-4497-B429-2237AC1C064B",
"versionEndExcluding": "13.1.4",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BBBAD42C-06D5-437F-AB92-1DCC23C1A78B",
"versionEndExcluding": "14.1.4",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "247A56A6-5486-49C4-88B1-4251337044AB",
"versionEndExcluding": "15.1.3",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7FE9EF68-055B-40B2-A676-C4C7FAAF77B3",
"versionEndExcluding": "16.0.1.1",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF3949EF-0D27-4868-B136-996B4D38D9B1",
"versionEndExcluding": "13.1.4",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DB5F9D2-C452-4469-9626-15FA11960A9C",
"versionEndExcluding": "14.1.4",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E599573-DAE5-4481-9BA0-7796D7101E67",
"versionEndExcluding": "15.1.3",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD28DA4B-F671-41B8-B231-24D28682FE8F",
"versionEndExcluding": "16.0.1.1",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF6A13AE-9A16-4A69-A793-21CF85220073",
"versionEndExcluding": "13.1.4",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57388787-F9DF-4930-ACBC-F3D1DAA53190",
"versionEndExcluding": "14.1.4",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D67E4394-E1CC-4492-95E7-DCDA13049517",
"versionEndExcluding": "15.1.3",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47980A60-F9B6-47EE-AD74-4D6D03A71AD0",
"versionEndExcluding": "16.0.1.1",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87294E83-8020-4904-9244-326FAF3A1E92",
"versionEndExcluding": "13.1.4",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0AF0D639-0210-47D0-8680-6E09F0111D5D",
"versionEndExcluding": "14.1.4",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B6F6F41-B775-4A79-8284-C7BE0DA49DAA",
"versionEndExcluding": "15.1.3",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0901863-B55A-4C97-B9AC-B537D242D2BF",
"versionEndExcluding": "16.0.1.1",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F241FCC-B063-46F2-B646-FB093AAFF216",
"versionEndExcluding": "13.1.4",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "704DF342-2CB5-4791-BF30-294D07B53653",
"versionEndExcluding": "14.1.4",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "50D58AEB-BB36-45A9-99D7-DC028F900707",
"versionEndExcluding": "15.1.3",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85065C6E-71F2-42B8-A169-51174987B8AF",
"versionEndExcluding": "16.0.1.1",
"versionStartIncluding": "16.0.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0C0A2074-4C85-40B4-9D53-3E848E6D5DDD",
"versionEndExcluding": "13.1.4",
"versionStartIncluding": "13.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "30CAABDE-CA8C-4F0A-B4D1-0633557AD5E1",
"versionEndExcluding": "14.1.4",
"versionStartIncluding": "14.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F071628-CC1B-4465-933D-7E5302DCC3A2",
"versionEndExcluding": "15.1.3",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4ADE8D9-D1EF-4591-AB3C-93D06BE701EC",
"versionEndExcluding": "16.0.1.1",
"versionStartIncluding": "16.0.0"
}
],
"operator": "OR"
}
]
}
]