Severity rating: High
F5 BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link
Controller, PEM) versions:
· 15.x versions 15.1.0 and 15.0.0
· 14.x versions from 14.1.0 to 14.1.2
· 13.x versions from 13.1.0 to 13.1.3
· 12.x versions from 12.1.0 to 12.1.5
A vulnerability has been reported in F5 BIG-IP products which could allow
an attacker to perform cross-site scripting attack on a targeted system.
This vulnerability exists in multiple BIG-IP products due to a flaw in
undisclosed pages of Traffic Management User Interface (TMUI), also
referred to as the Configuration utility.
Successful exploitation of this vulnerability could allow the attacker to
user has administrative privileges with access to the Advanced Shell
(bash), the attacker can completely compromise the targeted system.
Update to the fixed versions as mentioned in the F5 advisory