CVE-2021-22989 : Exploit Details and Defense Strategies

Big-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 are affected by an authenticated remote command execution vulnerability in undisclosed pages of the TMUI (Configuration Utility) when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned.

Understanding CVE-2021-22989

This CVE affects BIG-IP Advanced WAF or BIG-IP ASM in Appliance Mode due to a remote command execution vulnerability.

What is CVE-2021-22989?

This CVE refers to an authenticated remote command execution vulnerability in undisclosed pages of TMUI when deployed in Appliance mode with Advanced WAF or BIG-IP ASM.

The Impact of CVE-2021-22989

If exploited, attackers can execute arbitrary commands on the affected system, potentially leading to complete system compromise.

Technical Details of CVE-2021-22989

Below are the technical details of this CVE:

Vulnerability Description

The vulnerability allows authenticated remote attackers to execute commands on affected systems.

Affected Systems and Versions

BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned.

Exploitation Mechanism

The vulnerability involves executing commands through undisclosed pages of the TMUI when appropriately authenticated.

Mitigation and Prevention

To address CVE-2021-22989, consider the following steps:

Immediate Steps to Take

Apply patches provided by F5 Networks to vulnerable versions.
Restrict network access to the TMUI interface.

Long-Term Security Practices

Regularly update and patch F5 BIG-IP devices.
Monitor for any unauthorized access or unusual activities.

Patching and Updates

Check with F5 for the latest patches and updates to mitigate this vulnerability.