CVE-2021-22980

Published: Feb 12, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Affected (9)

Products: F5: Access Policy Manager Clients, Big Ip Access Policy Manager

2 products

Access Policy Manager Clients

Big Ip Access Policy Manager

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
F5 Access Policy Manager Clients	From 7.1.5 to 7.1.8.5
F5 Access Policy Manager Clients	From 7.1.9 to 7.1.9.8
F5 Access Policy Manager Clients	From 7.2.1 to 7.2.1.1
F5 Big Ip Access Policy Manager	From 11.6.1 to 11.6.5
F5 Big Ip Access Policy Manager	From 12.1.0 to 12.1.5
F5 Big Ip Access Policy Manager	From 13.1.0 to 13.1.3.6
F5 Big Ip Access Policy Manager	From 14.1.0 to 14.1.3
F5 Big Ip Access Policy Manager	From 15.1.0 to 15.1.2
F5 Big Ip Access Policy Manager	From 16.0.0 to 16.0.1.1

Related CWEs

CWE-426

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (2)

https://support.f5.com/csp/article/K29282483

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K29282483

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.