Home
MEDIUM: 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NMEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:NDefault status
unknown
21.1.0 (custom) before *
unaffected
21.0.0 (custom) before 21.0.0.1
affected
17.5.0 (custom) before 17.5.1.5
affected
17.1.0 (custom) before 17.1.3.1
affected
16.1.0 (custom) before *
affected
Default status
unknown
14.0 (custom) before *
unaffected
13.0 (custom) before 13.1.3
affected
12.0 (custom) before 12.3.2
affected
11.0 (custom) before 11.4.1
affected
Description
A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Problem types
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Product status
21.1.0 (custom) before *
21.0.0 (custom) before 21.0.0.1
17.5.0 (custom) before 17.5.1.5
17.1.0 (custom) before 17.1.3.1
16.1.0 (custom) before *
14.0 (custom) before *
13.0 (custom) before 13.1.3
12.0 (custom) before 12.3.2
11.0 (custom) before 11.4.1
Credits
F5
References
my.f5.com/manage/s/article/K000149743