CVE-2024-21782

Published Feb 14, 2024

Last updated 7 months ago

CVSS medium 6.7

Overview

Description: BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Source: f5sirt@f5.com
NVD status: Analyzed
Products: big-ip_access_policy_manager, big-iq_centralized_management, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_domain_name_system, big-ip_fraud_protection_service, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, big-ip_policy_enforcement_manager

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

Weaknesses

f5sirt@f5.com: CWE-78
nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F11226F6-9080-4126-ACBD-7211A2746214",
            "versionEndExcluding": "15.1.9",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8F16422-A642-4614-96F2-E5B4877E8206",
            "versionEndExcluding": "16.1.4",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:17.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A8D90B7-A1AF-4EFB-B688-1563D81E5C6D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B4F2DBC-4DA1-42D8-9BD9-2EAADA27CCDE",
            "versionEndIncluding": "8.3.0",
            "versionStartIncluding": "8.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DD4CF11-44E9-4596-9397-AF7DBD81277B",
            "versionEndExcluding": "15.1.9",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE979976-11C7-4AFF-8BE4-A094CC9C39CF",
            "versionEndExcluding": "16.1.4",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:17.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A1CC91B-6920-4AF0-9EDD-DD3189E78F4D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16795277-E8E2-4713-BD65-207655546649",
            "versionEndExcluding": "15.1.9",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0835E39B-F21E-4231-A4B9-5D511FF1B87A",
            "versionEndExcluding": "16.1.4",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:17.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59203EBF-C52A-45A1-B8DF-00E17E3EFB51"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F005EFFD-3A40-4762-B0D6-8760C406130F",
            "versionEndExcluding": "15.1.9",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8705476E-A246-4B57-A0E1-FD626C1B0DE5",
            "versionEndExcluding": "16.1.4",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:17.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C698C1C-A3DD-46E2-B05A-12F2604E7F85"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D82BCD8-136A-476C-AC86-710CA8B32EB7",
            "versionEndExcluding": "15.1.9",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3",
            "versionEndExcluding": "16.1.4",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:17.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87670A74-34FE-45DF-A725-25B804C845B3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0FE692A-CD63-4354-B599-2F47EEEFDD37",
            "versionEndExcluding": "15.1.9",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2F02EC0-E6C2-4E00-9804-043982D88BCE",
            "versionEndExcluding": "16.1.4",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:17.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84D00768-E71B-4FF7-A7BF-F2C8CFBC900D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4958167-AB1F-4458-A06B-1B2DA313EEBD",
            "versionEndExcluding": "15.1.9",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D982C3E6-43DE-4AA8-889F-044E70C7FCB2",
            "versionEndExcluding": "16.1.4",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:17.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABBD10E8-6054-408F-9687-B9BF6375CA09"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "944B8F9C-E5C6-4DA8-BF2B-1C0B6A388BC4",
            "versionEndExcluding": "15.1.9",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DB6C626-BA78-4C06-8582-BFFCDF957429",
            "versionEndExcluding": "16.1.4",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:17.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83794B04-87E2-4CA9-81F5-BB820D0F5395"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCFAFFAC-000C-414D-83CF-B8B2C529D9CF",
            "versionEndExcluding": "15.1.9",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E68BFC75-6977-4644-A169-48263B896849",
            "versionEndExcluding": "16.1.4",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:17.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A6E7035-3299-474F-8F67-945EA9A059D0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "672067B7-C838-4F0B-B3D0-E85F71715B0A",
            "versionEndExcluding": "15.1.9",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4C17D18-1172-4396-9099-F1F5EAEACE5A",
            "versionEndExcluding": "16.1.4",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:17.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56FB92F7-FF1E-425D-A5AB-9D9FB0BB9450"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1871634A-7609-4D01-8469-3D86F36DC19D",
            "versionEndExcluding": "15.1.9",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "603324D6-FE7A-4209-B92B-94EF09AB5FF2",
            "versionEndExcluding": "16.1.4",
            "versionStartIncluding": "16.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:17.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "667EB77B-DA13-4BA4-9371-EE3F3A109F38"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References