In BIG-IP Versions 16.1.x prior to 16.1.3, 15.1.x prior to 15.1.5.1, 14.1.x prior to 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the malicious user to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
f5 big-ip analytics |
||
f5 big-ip link controller |
||
f5 big-ip local traffic manager |
||
f5 big-ip policy enforcement manager |
||
f5 big-ip global traffic manager |
||
f5 big-ip access policy manager |
||
f5 big-ip advanced firewall manager |
||
f5 big-ip application acceleration manager |
||
f5 big-ip application security manager |
||
f5 big-ip domain name system |
||
f5 big-ip fraud protection service |