BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Max CVSS
6.7
EPSS Score
0.04%
Published
2024-02-14
Updated
2024-02-14
F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote authenticated users to change the password of arbitrary users via the name parameter in a request to the user's page in mgmt/shared/authz/users/.
Max CVSS
9.0
EPSS Score
1.40%
Published
2014-05-05
Updated
2014-05-23
2 vulnerabilities found