CRITICAL · 9.9

CVE-2021-23031

Vulnerability Description

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS Score

9.9 CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
F5 | Big-Ip Advanced Web Application Firewall | >= 11.6.1, <= 11.6.5.2
F5 | Big-Ip Application Security Manager | >= 11.6.1, <= 11.6.5.2

Related Weaknesses (CWE)

References

FAQ

What is CVE-2021-23031?

CVE-2021-23031 is a vulnerability with a CVSS score of 9.9 (CRITICAL). On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege e...

How severe is CVE-2021-23031?

CVE-2021-23031 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-23031?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Advanced Web Application Firewall, F5 Big-Ip Application Security Manager.