CVE-2021-23031

Published Sep 14, 2021

Last updated 3 years ago

CVSS critical 9.9

Overview

Description: On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Source: f5sirt@f5.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.9
Impact score: 6
Exploitability score: 3.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-78
f5sirt@f5.com: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6AF221D-F7EC-40C9-BC9C-4F7C054C1600",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "322AA283-E494-45E0-975E-2725E2FCC2DE",
            "versionEndIncluding": "12.1.5",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0802E0C1-9F02-4AFF-87B3-12BFE56C6D23",
            "versionEndIncluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2A1BB14-BEB5-43DD-878D-83E51FBFD4E0",
            "versionEndIncluding": "14.1.4",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F7EE1E34-5DAE-4162-93E7-F043E5DF67C8",
            "versionEndIncluding": "15.1.2",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D3877DD-4285-4EA1-9E76-A7EF48B0B1B5",
            "versionEndIncluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9A86305-2292-40FB-A984-9B15F7A079F0",
            "versionEndIncluding": "11.6.5.2",
            "versionStartIncluding": "11.6.1"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E5552A3-91CD-4B97-AD33-4F1FB4C8827A",
            "versionEndIncluding": "12.1.5",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A53C692-D353-42E3-9148-F850DA11884F",
            "versionEndIncluding": "13.1.3",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15EB0439-9C16-45C2-895D-44D6ED1A028A",
            "versionEndIncluding": "14.1.4",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E60DDD42-73D2-44BE-B101-03E313E5C35C",
            "versionEndIncluding": "15.1.2",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C19CC5B0-63A3-454E-B0F4-9F4A6D176567",
            "versionEndIncluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References