First published: Wed Feb 14 2024(Updated: )
BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced Shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873.
Credit: f5sirt@f5.com
Affected Software | Affected Version | How to fix |
---|---|---|
F5 BIG-IP | =17.1.0 | 17.1.1 |
F5 BIG-IP | >=16.1.0<=16.1.3 | 16.1.4 |
F5 BIG-IP | >=15.1.0<=15.1.8 | 15.1.9 |
F5 BIG-IQ Centralized Management | >=8.0.0<=8.3.0 | 8.3.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.