On BIG-IP versions 16.0.x prior to 16.0.1.1, 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.4, and 13.1.x prior to 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administrator" or "Administrator" roles to execute arbitrary bash commands on BIG-IP. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
f5 big-ip access policy manager |
||
f5 big-ip advanced firewall manager |
||
f5 big-ip application acceleration manager |
||
f5 big-ip analytics |
||
f5 big-ip application security manager |
||
f5 big-ip domain name system |
||
f5 big-ip global traffic manager |
||
f5 big-ip fraud protection service |
||
f5 big-ip link controller |
||
f5 big-ip advanced web application firewall |
||
f5 big-ip ddos hybrid defender |
||
f5 big-ip local traffic manager |
||
f5 big-ip policy enforcement manager |
||
f5 big-ip ssl orchestrator |