QID 376062
Date Published: 2021-11-18
QID 376062: F5 BIG-IP Application Security Manager (ASM) Appliance Mode Advanced WAF/ASM Traffic Management User Interface (TMUI) Authenticated Remote Command Execution Vulnerability (K56142644)
When running in Appliance mode with Advanced WAF or ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. (CVE-2021-22989)
Vulnerable Component: BIG-IP ASM
Affected Versions:
16.0.0 - 16.0.1
15.1.0 - 15.1.2
14.1.0 - 14.1.3
13.1.0 - 13.1.3
12.1.0 - 12.1.5
11.6.1 - 11.6.5
QID Detection Logic (Authenticated):
This QID checks the software version reported by the F5 BIG-IP device via the tmsh command against the affected version ranges listed above.
This vulnerability allows highly privileged authenticated users with the roles Administrator, Resource Administrator, or Application Security Administrator with network access to the Configuration utility, through the BIG-IP management port or self IP addresses, to execute arbitrary system commands, create or delete files, or disable services. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise and breakout of Appliance mode. Appliance mode is enforced by a specific license or may be enabled or disabled for individual vCMP guest instances. For information on Appliance mode, refer to K12815: Overview of Appliance mode.
K56142644: support.f5.com/csp/article/K56142644
CVEs related to QID 376062
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| K56142644 | F5 BIG-IP | BIG-IP ASM | support.f5.com/csp/article/K56142644 |