The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
On BIG-IP versions 16.0.x before 188.8.131.52, 15.1.x before 184.108.40.206, 14.1.x before 14.1.4, 13.1.x before 220.127.116.11, 12.1.x before 18.104.22.168, and 11.6.x before 22.214.171.124, on systems with Advanced WAF or BIG-IP ASM provisioned, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Base Score: 9
Impact Score: 10
Exploitability Score: 8
Base Score: 7.2
Impact Score: 5.9
Exploitability Score: 1.2
|147630||F5 Networks BIG-IP : Advanced WAF/ASM TMUI authenticated remote command execution vulnerability (K45056101)||Nessus||F5 Networks Local Security Checks|
|147625||F5 Networks BIG-IP : Appliance mode Advanced WAF/ASM TMUI authenticated remote command execution vulnerability (K56142644)||Nessus||F5 Networks Local Security Checks|