vulnerability

F5 Networks: CVE-2021-22980: K29282483: BIG-IP APM CTU vulnerability CVE-2021-22980

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:M/Au:N/C:C/I:C/A:C)	Feb 10, 2021	Feb 11, 2021	Aug 11, 2025

Severity

CVSS

(AV:L/AC:M/Au:N/C:C/I:C/A:C)

Published

Feb 10, 2021

Added

Feb 11, 2021

Modified

Aug 11, 2025

Description

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Solution

f5-big-ip-upgrade-latest

References

CVE-2021-22980
https://attackerkb.com/topics/CVE-2021-22980
CWE-426
URL-https://my.f5.com/manage/s/article/K29282483

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today