CVE-2021-22980
Published on: 02/12/2021 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:29:10 PM UTC
Certain versions of Access Policy Manager Clients from F5 contain the following vulnerability:
In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
- CVE-2021-22980 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.8 - HIGH
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
LOCAL | LOW | NONE | REQUIRED |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.9 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
LOCAL | MEDIUM | NONE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
COMPLETE | COMPLETE | COMPLETE |
CVE References
Description | Tags | Link |
---|---|---|
No Description Provided | Vendor Advisory support.f5.com text/html | MISC support.f5.com/csp/article/K29282483 |
Related QID Numbers
- 376080 F5 BIG-IP Access Policy Manager (APM) CTU Vulnerability (K29282483)
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | F5 | Access Policy Manager Clients | All | All | All | All |
Application | F5 | Big-ip Access Policy Manager | All | All | All | All |
- cpe:2.3:a:f5:access_policy_manager_clients:*:*:*:*:*:*:*:*:
- cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE