vulnerability

F5 Networks: CVE-2021-23015: K74151369: Appliance Mode authenticated iControl REST vulnerability CVE-2021-23015

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	May 10, 2021	Jul 30, 2024	Aug 23, 2024

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

May 10, 2021

Added

Jul 30, 2024

Modified

Aug 23, 2024

Description

On BIG-IP 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.0.8 through 13.1.3.6, and all versions of 16.0.x, when running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Solution

f5-big-ip-upgrade-latest

References

CVE-2021-23015
https://attackerkb.com/topics/CVE-2021-23015
URL-https://my.f5.com/manage/s/article/K74151369

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today