In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, When the Advanced WAF / ASM module is provisioned, an authenticated remote code execution vulnerability exists in the BIG-IP iControl REST interface.
2022-10-19T22:15:12.333
2024-11-21T07:23:30.390
Modified
CVSSv3.1: 7.2 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | f5 | big-ip_advanced_web_application_firewall | < 13.1.5.1 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | < 14.1.5.1 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | < 15.1.6.1 | Yes |
| Application | f5 | big-ip_advanced_web_application_firewall | < 16.1.3.1 | Yes |
| Application | f5 | big-ip_application_security_manager | < 13.1.5.1 | Yes |
| Application | f5 | big-ip_application_security_manager | < 14.1.5.1 | Yes |
| Application | f5 | big-ip_application_security_manager | < 15.1.6.1 | Yes |
| Application | f5 | big-ip_application_security_manager | < 16.1.3.1 | Yes |