QID 375869

Date Published: 2021-09-23

QID 375869: F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) Authenticated Remote Command Execution (RCE) Vulnerability (K55543151)

F5 BIG-IP ASM (Application Security Manager) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments.
F5 BIG-IP (LTM) Local Traffic Manager is the most popular module offered on F5 Networks BIG-IP platform. The real power of the LTM is it is a Full Proxy, allowing you to augment client and server side connections. All while making informed load balancing decisions on availability, performance, and persistence.
F5 BIG-IP Access Policy Manager (APM) is a secure, flexible, high-performance solution that provides unified global access to your network, cloud, and applications.

An authenticated remote command execution vulnerability exists in the BIG-IP Configuration utility. (CVE-2021-23025)

Vulnerable Component: BIG-IP ASM, APM, LTM

Affected Versions:
15.0.0 -
14.1.0 -
13.1.0 -
12.1.0 - 12.1.6 11.6.1 - 11.6.5

QID Detection Logic(Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

This vulnerability may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services. There is no data plane exposure; this is a control plane issue only. This vulnerability may result in complete system compromise.

  • CVSS V3 rated as Critical - 8.8 severity.
  • CVSS V2 rated as High - 6.5 severity.
  • Solution
    The vendor has released patch, for more information please visit: K55543151
    Vendor References

    CVEs related to QID 375869

    Software Advisories
    Advisory ID Software Component Link
    K55543151 URL Logo support.f5.com/csp/article/K55543151