{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T15:40:35.865","vulnerabilities":[{"cve":{"id":"CVE-2021-23031","sourceIdentifier":"f5sirt@f5.com","published":"2021-09-14T19:15:07.273","lastModified":"2026-06-17T03:38:14.730","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."},{"lang":"es","value":"En versiones 16.0.x anteriores a 16.0.1.2, versiones 15.1.x anteriores a 15.1.3, versiones 14.1.x anteriores a 14.1.4.1, versiones 13.1.x anteriores a 13.1.4, versiones 12.1.x anteriores a 12.1.6 y 11.6.x anteriores a 11.6.5.3, un usuario autenticado puede llevar a cabo una escalada de privilegios en la utilidad de ConfiguraciĆ³n de BIG-IP Advanced WAF y ASM. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas"}],"affected":[{"source":"f5sirt@f5.com","affectedData":[{"vendor":"n/a","product":"BIG-IP Advanced WAF and BIG-IP ASM","versions":[{"version":"16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":9.9,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.1,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"f5sirt@f5.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.1","versionEndIncluding":"11.6.5.2","matchCriteriaId":"D6AF221D-F7EC-40C9-BC9C-4F7C054C1600"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.5","matchCriteriaId":"322AA283-E494-45E0-975E-2725E2FCC2DE"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.3","matchCriteriaId":"0802E0C1-9F02-4AFF-87B3-12BFE56C6D23"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"D2A1BB14-BEB5-43DD-878D-83E51FBFD4E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"F7EE1E34-5DAE-4162-93E7-F043E5DF67C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"2D3877DD-4285-4EA1-9E76-A7EF48B0B1B5"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"11.6.1","versionEndIncluding":"11.6.5.2","matchCriteriaId":"C9A86305-2292-40FB-A984-9B15F7A079F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"12.1.0","versionEndIncluding":"12.1.5","matchCriteriaId":"2E5552A3-91CD-4B97-AD33-4F1FB4C8827A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"13.1.0","versionEndIncluding":"13.1.3","matchCriteriaId":"8A53C692-D353-42E3-9148-F850DA11884F"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"14.1.0","versionEndIncluding":"14.1.4","matchCriteriaId":"15EB0439-9C16-45C2-895D-44D6ED1A028A"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"15.1.0","versionEndIncluding":"15.1.2","matchCriteriaId":"E60DDD42-73D2-44BE-B101-03E313E5C35C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0.0","versionEndIncluding":"16.0.1.1","matchCriteriaId":"C19CC5B0-63A3-454E-B0F4-9F4A6D176567"}]}]}],"references":[{"url":"https://support.f5.com/csp/article/K41351250","source":"f5sirt@f5.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://support.f5.com/csp/article/K41351250","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}}]}