What is CVE-2021-23012?

CVE-2021-23012 is a high-severity vulnerability in F5 Big-ip_access_policy_manager, classified under OS Command Injection. CVSS score: 8.2/10. Published 2021-05-10.

How severe is CVE-2021-23012?

High severity. CVSS v3 base score is 8.2 out of 10.

RCE in F5 Big-ip_access_policy_manager

CVE-2021-23012

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, and 13.1.x before 13.1.4, lack of input validation for items used in the system support functionality may allow users granted either "Resource Administr…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.003 (18.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

F5 Big-ip_access_policy_manager
F5 Big-ip_advanced_firewall_manager
F5 Big-ip_advanced_web_application_firewall
F5 Big-ip_analytics
F5 Big-ip_application_acceleration_manager
F5 Big-ip_application_security_manager
F5 Big-ip_ddos_hybrid_defender
F5 Big-ip_domain_name_system
F5 Big-ip_fraud_protection_service
F5 Big-ip_global_traffic_manager

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

f5sirt@f5.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-23012?: CVE-2021-23012 is a high-severity vulnerability in F5 Big-ip_access_policy_manager, classified under OS Command Injection. CVSS score: 8.2/10. Published 2021-05-10.
How severe is CVE-2021-23012?: High severity. CVSS v3 base score is 8.2 out of 10.