CVE-2024-21782
CVSS V2 None
CVSS V3 None
Description
BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Overview
- CVE ID
- CVE-2024-21782
- Assigner
- f5
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-02-14T16:30:20.945Z
- Last Modified Date
- 2024-02-14T16:30:20.945Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://my.f5.com/manage/s/article/K98606833 | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-21782 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21782 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 15:29:20 | Added to TrackCVE |