N/A

On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

在命令中使用的特殊元素转义处理不恰当(命令注入)

F5 BIG-IP多款产品命令注入漏洞

F5 BIG-IP等都是美国F5公司的产品。F5 BIG-IP是一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。F5 BIG-IP ASM是一款Web应用程序防火墙（WAF），F5 Big-Ip Advanced Waf是一款高级 Web 应用程序防火墙。 F5 Big-Ip Advanced Waf和F5 BIG-IP ASM和F5 BIG-IP Guided Configuration存在命令注入漏洞。目前尚无此漏洞的相关信息，请随时关注CNNVD或厂商公告。

N/A

N/A