Main Vulnerability Database Vulnerabilities #VU52750

#VU52750 Improper access control in BIG-IP - CVE-2021-23015

Published: April 29, 2021

Vulnerability identifier: #VU52750

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-23015

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
BIG-IP

Software vendor:
F5 Networks

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. When running in Appliance Mode, an authenticated user assigned the 'Administrator' role may be able to bypass Appliance Mode restrictions utilizing undisclosed iControl REST endpoints. A remote privileged user can bypass implemented security restrictions and gain unauthorized access to the application.

Remediation

Install updates from vendor's website.

External links

https://support.f5.com/csp/article/K74151369

#VU52750 Improper access control in BIG-IP - CVE-2021-23015

Description

Remediation

External links

Please verify you're human