CVE-2021-22980
First published: Fri Feb 12 2021(Updated: )
In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 Access Policy Manager Clients | >=7.1.5<7.1.8.5 | |
| F5 Access Policy Manager Clients | >=7.1.9<7.1.9.8 | |
| F5 Access Policy Manager Clients | >=7.2.1<7.2.1.1 | |
| F5 Big-ip Access Policy Manager | >=11.6.1<=11.6.5 | |
| F5 Big-ip Access Policy Manager | >=12.1.0<=12.1.5 | |
| F5 Big-ip Access Policy Manager | >=13.1.0<13.1.3.6 | |
| F5 Big-ip Access Policy Manager | >=14.1.0<=14.1.3 | |
| F5 Big-ip Access Policy Manager | >=15.1.0<=15.1.2 | |
| F5 Big-ip Access Policy Manager | >=16.0.0<16.0.1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-22980.
What is the severity of CVE-2021-22980?
The severity of CVE-2021-22980 is high, with a severity value of 7.8.
Which software versions are affected by CVE-2021-22980?
CVE-2021-22980 affects F5 Access Policy Manager Clients versions 7.1.5 to 7.1.8.5, 7.1.9 to 7.1.9.8, and 7.2.1 to 7.2.1.1.
What is the description of CVE-2021-22980?
CVE-2021-22980 is an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows that could allow an attacker to load a malicious DLL library from its current directory.
How can I fix CVE-2021-22980?
To fix CVE-2021-22980, upgrade to Edge Client version 7.2.1.1, 7.1.9.8, or 7.1.8.5.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- vendor/f5
- canonical/f5 access policy manager clients
- version/f5 access policy manager clients/7.1.5
- version/f5 access policy manager clients/7.1.9
- version/f5 access policy manager clients/7.2.1
- canonical/f5 big-ip access policy manager
- version/f5 big-ip access policy manager/11.6.1
- version/f5 big-ip access policy manager/11.6.5
- version/f5 big-ip access policy manager/12.1.0
- version/f5 big-ip access policy manager/12.1.5
- version/f5 big-ip access policy manager/13.1.0
- version/f5 big-ip access policy manager/14.1.0
- version/f5 big-ip access policy manager/14.1.3
- version/f5 big-ip access policy manager/15.1.0
- version/f5 big-ip access policy manager/15.1.2
- version/f5 big-ip access policy manager/16.0.0