f5 access_policy_manager_clients 不可信的搜索路径

admin

0
文章

0
评论

2023-12-01 16:16:53 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

f5 access_policy_manager_clients 不可信的搜索路径

CVE编号

CVE-2021-22980

利用情况

暂无

补丁情况

N/A

披露时间

2021-02-13

漏洞描述

In Edge Client version 7.2.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, and 7.1.x-7.1.8.x before 7.1.8.5, an untrusted search path vulnerability in the BIG-IP APM Client Troubleshooting Utility (CTU) for Windows could allow an attacker to load a malicious DLL library from its current directory. User interaction is required to exploit this vulnerability in that the victim must run this utility on the Windows system. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://support.f5.com/csp/article/K29282483

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	f5	access_policy_manager_clients	*	From (including) 7.1.5	Up to (excluding) 7.1.8.5
	运行在以下环境
	应用	f5	access_policy_manager_clients	*	From (including) 7.1.9	Up to (excluding) 7.1.9.8
	运行在以下环境
	应用	f5	access_policy_manager_clients	*	From (including) 7.2.1	Up to (excluding) 7.2.1.1
	运行在以下环境
	应用	f5	big-ip_access_policy_manager	*	From (including) 11.6.1	Up to (including) 11.6.5
	运行在以下环境
	应用	f5	big-ip_access_policy_manager	*	From (including) 12.1.0	Up to (including) 12.1.5
	运行在以下环境
	应用	f5	big-ip_access_policy_manager	*	From (including) 13.1.0	Up to (excluding) 13.1.3.6
	运行在以下环境
	应用	f5	big-ip_access_policy_manager	*	From (including) 14.1.0	Up to (including) 14.1.3
	运行在以下环境
	应用	f5	big-ip_access_policy_manager	*	From (including) 15.1.0	Up to (including) 15.1.2
	运行在以下环境
	应用	f5	big-ip_access_policy_manager	*	From (including) 16.0.0	Up to (excluding) 16.0.1.1