The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
On BIG-IP versions 16.0.x before 220.127.116.11, 15.1.x before 18.104.22.168, 14.1.x before 14.1.4, 13.1.x before 22.214.171.124, 12.1.x before 126.96.36.199, and 11.6.x before 188.8.131.52, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Base Score: 9
Impact Score: 10
Exploitability Score: 8
Base Score: 9.1
Impact Score: 6
Exploitability Score: 2.3
|147630||F5 Networks BIG-IP : Advanced WAF/ASM TMUI authenticated remote command execution vulnerability (K45056101)||Nessus||F5 Networks Local Security Checks|
|147625||F5 Networks BIG-IP : Appliance mode Advanced WAF/ASM TMUI authenticated remote command execution vulnerability (K56142644)||Nessus||F5 Networks Local Security Checks|