{ "id": "CVE-2021-23043", "sourceIdentifier": "f5sirt@f5.com", "published": "2021-09-14T15:15:07.210", "lastModified": "2021-09-24T17:52:19.460", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "On BIG-IP, on all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to access arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated." }, { "lang": "es", "value": "En BIG-IP, en todas las versiones 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x y 11.6.x, se presenta una vulnerabilidad de salto de directorio en una p\u00e1gina no divulgada de la utilidad de Configuraci\u00f3n de BIG-IP que permite a un atacante acceder a archivos arbitrarios. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-22" } ] }, { "source": "f5sirt@f5.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-22" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.0", "versionEndIncluding": "11.6.5", "matchCriteriaId": "5761ADC0-5F98-4727-B2DE-9299C9CE6BD8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.6", "matchCriteriaId": "DE2F2CB2-BE96-4DC8-B336-1E9A318B4604" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.4", "matchCriteriaId": "50288008-B90F-4882-80AD-2C70A1F1E2DD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.4", "matchCriteriaId": "D5286F92-3E35-4B00-AA8F-AC96449BD2F6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.3", "matchCriteriaId": "FE0AA66D-D6EF-4D7E-B975-9CF1A19AF279" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndIncluding": "16.1.0", "matchCriteriaId": "03CC1189-845F-4A8B-8ADD-2E2304866619" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.0", "versionEndIncluding": "11.6.5", "matchCriteriaId": "69450774-EFFB-4EB1-8321-2197CE379B49" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.6", "matchCriteriaId": "6E32CBE0-BFDC-4DCB-A365-2F3C4D680446" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.4", "matchCriteriaId": "C37ABF73-E093-498B-99F3-11D5A3908C7F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.4", "matchCriteriaId": "AB20EE99-82A2-4FF9-B1C5-A0E40816AA5A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.3", "matchCriteriaId": "7C23AD78-B214-48C7-996C-F3BD2DE30B3B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndIncluding": "16.1.0", "matchCriteriaId": "9F57D7A7-85FD-43A9-BEFF-E37456170221" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.0", "versionEndIncluding": "11.6.5", "matchCriteriaId": "E64E043B-3418-45C8-B2BB-F1611E7525A3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.6", "matchCriteriaId": "18666B67-A6EA-402B-926E-96348AB82831" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.4", "matchCriteriaId": "18F2AC19-1085-48C3-B270-DD3E17A7870D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.4", "matchCriteriaId": "6CCAB1F6-9AD7-4743-A6B6-D42567427845" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.3", "matchCriteriaId": "51E8CE17-224C-45C8-845D-32A90559F35C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndIncluding": "16.1.0", "matchCriteriaId": "F35F86B1-C7FB-4DCB-9B25-7420FEA2E759" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.0", "versionEndIncluding": "11.6.5", "matchCriteriaId": "58A03238-74CE-4575-856E-502AEC669489" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.6", "matchCriteriaId": "8AF5B8C5-98F2-45B5-A877-C3666E3D6876" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.4", "matchCriteriaId": "EDDC86D0-B9D6-42AE-959E-CC40C6F275EE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.4", "matchCriteriaId": "6B90B84E-0BAA-465E-A4D3-20902772B951" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.3", "matchCriteriaId": "9C7C7515-D182-40C6-9224-B0C9A92F94BB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndIncluding": "16.1.0", "matchCriteriaId": "5B5C9236-80C2-4E50-AB19-7A880AE43FC7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.0", "versionEndIncluding": "11.6.5", "matchCriteriaId": "0FEC23E9-FF6F-4019-8C85-4993663F7276" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.6", "matchCriteriaId": "1849279E-9FB1-4D6A-8386-337F7DF151DF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.4", "matchCriteriaId": "D17DCE22-99F8-422C-A414-86CFA78BA425" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.4", "matchCriteriaId": "15EB0439-9C16-45C2-895D-44D6ED1A028A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.3", "matchCriteriaId": "2408EED7-CFDF-414C-82DB-FA9541DE2138" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndIncluding": "16.1.0", "matchCriteriaId": "DF4F0388-DB5A-4D10-953F-09E5C111BFBC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.0", "versionEndIncluding": "11.6.5", "matchCriteriaId": "55BFE22B-204D-4DD7-8EB3-8AC068EEE84C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.6", "matchCriteriaId": "F489E5B1-1EC4-4E45-8EE6-6A4FCD0F386F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.4", "matchCriteriaId": "F82E9A35-A3E2-4915-BE23-B321C18BE6C3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.4", "matchCriteriaId": "A27C0FAB-2C2F-4F5E-8EF4-CC4923B848F4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.3", "matchCriteriaId": "D3EB0C5A-FC0E-46A6-A59A-01B2091E8C84" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndIncluding": "16.1.0", "matchCriteriaId": "166FA312-D2E5-48D5-88D2-D849472A204D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.0", "versionEndIncluding": "11.6.5", "matchCriteriaId": "5A72C0B5-2AD5-4CA2-8F1A-C389E5578B20" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.6", "matchCriteriaId": "01C01794-36BD-4783-B962-07000FCE4788" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.4", "matchCriteriaId": "6B486BC4-2258-42FC-834E-22958ACFCA13" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.4", "matchCriteriaId": "DFD7DB4C-6CA7-4C26-81AB-1F9A27F4355A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.3", "matchCriteriaId": "C956EAAD-0750-4E25-9A69-8B1DD156B6BE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndIncluding": "16.1.0", "matchCriteriaId": "F63F91CB-DEEE-466A-A2D3-51688C438BCC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.0", "versionEndIncluding": "11.6.5", "matchCriteriaId": "B2B7A18A-A9D6-42E5-89F7-F12D1E2866E3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.6", "matchCriteriaId": "5ED5A4F4-9FFF-43D0-B17D-838D6CEDDF04" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.4", "matchCriteriaId": "3FCEA7BA-FBAB-4D94-86D9-51B7F8E4C0A1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.4", "matchCriteriaId": "FC486854-8119-4DDC-BE29-AB3394D2A214" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.3", "matchCriteriaId": "30EEE0A7-D601-43A5-80A7-44D637D6847F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndIncluding": "16.1.0", "matchCriteriaId": "09FD9534-C34A-4159-B206-4C8A2F154946" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.0", "versionEndIncluding": "11.6.5", "matchCriteriaId": "D1F09706-85BC-43BE-8C4C-91E566258777" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.6", "matchCriteriaId": "16234A51-9C86-484A-B8D5-6EFB838CB564" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.4", "matchCriteriaId": "ADE1E0A6-DE70-4D46-B493-671E23EEA32D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.4", "matchCriteriaId": "C5FF402E-8A6B-498F-BDB3-089EFAE55061" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.3", "matchCriteriaId": "A3D935FC-8637-44B1-B836-EBDA4AB22961" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndIncluding": "16.1.0", "matchCriteriaId": "4499A032-8032-4CF4-9C9E-92448FFFD518" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.0", "versionEndIncluding": "11.6.5", "matchCriteriaId": "A81BB4CC-CA19-4C95-9F70-60D393B2AE50" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.6", "matchCriteriaId": "61189D3B-8BF1-47A7-B5AC-A75E44D6BD5F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.4", "matchCriteriaId": "228F7E70-F93D-40BD-9C33-2A51CB6B931F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.4", "matchCriteriaId": "D38D907A-2071-4675-8616-733E3C96C95B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.3", "matchCriteriaId": "55AE6626-80D5-4B90-B579-34D3EB34EF3C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndIncluding": "16.1.0", "matchCriteriaId": "DF6806EE-4E58-4DD8-983D-66862B1E75A4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.6.0", "versionEndIncluding": "11.6.5", "matchCriteriaId": "E971DDD5-7F8D-42A8-8738-052B9A3395FB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "12.1.0", "versionEndIncluding": "12.1.6", "matchCriteriaId": "9FBA5CDC-1989-4971-BD1B-F14E801F5017" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "13.1.0", "versionEndIncluding": "13.1.4", "matchCriteriaId": "F4574B7D-DFAF-4527-8E19-2E37650A1494" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.1.0", "versionEndIncluding": "14.1.4", "matchCriteriaId": "30382C56-3299-4D9C-943B-46B8CECB31BF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndIncluding": "15.1.3", "matchCriteriaId": "265F5361-DC0B-4AB2-ACD3-6F32680881C2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndIncluding": "16.1.0", "matchCriteriaId": "6FDFC78F-DB43-4052-947E-2EE4B9881D0C" } ] } ] } ], "references": [ { "url": "https://support.f5.com/csp/article/K63163637", "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ] } ] }