OpenCVE

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F5	Big-ip Access Policy Manager Big-ip Access Policy Manager Client

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager_client::::::::
	cpe:2.3:a:f5:big-ip_access_policy_manager_client::::::::

No data.

References

Link	Providers
https://support.f5.com/csp/article/K08503505

History

No history.

MITRE

Status: PUBLISHED

Assigner: f5

Published: 2021-06-10T15:06:40

Updated: 2024-08-03T18:58:26.264Z

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-23022

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-10T16:15:08.033

Modified: 2021-06-23T15:22:46.847

Link: CVE-2021-23022

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Edge Client for Windows", "vendor": "n/a", "versions": [{"status": "affected", "version": "7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1"}]}], "descriptions": [{"lang": "en", "value": "On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}], "problemTypes": [{"descriptions": [{"description": "privilege escalation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-10T15:06:40", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.f5.com/csp/article/K08503505"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "ID": "CVE-2021-23022", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Edge Client for Windows", "version": {"version_data": [{"version_value": "7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "privilege escalation"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K08503505", "refsource": "MISC", "url": "https://support.f5.com/csp/article/K08503505"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:58:26.264Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.f5.com/csp/article/K08503505"}]}]}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2021-23022", "datePublished": "2021-06-10T15:06:40", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2024-08-03T18:58:26.264Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2FBA9552-4645-4BFF-91A4-47B6A3414325", "versionEndIncluding": "11.6.5", "versionStartIncluding": "11.6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE2F2CB2-BE96-4DC8-B336-1E9A318B4604", "versionEndIncluding": "12.1.6", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BB75E40-E401-45D5-997F-B22A6AF9FE1A", "versionEndIncluding": "7.1.9.9", "versionStartIncluding": "7.1.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "D270E99A-C0AB-45DD-B17C-B72A39A18859", "versionEndExcluding": "7.2.1.3", "versionStartIncluding": "7.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}, {"lang": "es", "value": "En las versiones 7.2.1.x anteriores a 7.2.1.3 y versiones 7.1.x anteriores a 7.1.9.9 Update 1, la carpeta temporal del servicio de instalaci\u00f3n de Windows de BIG-IP Edge Client tiene permisos d\u00e9biles de archivos y carpetas. Nota: Las versiones de software que han alcanzado el fin del soporte t\u00e9cnico (EoTS) no se eval\u00faan"}], "id": "CVE-2021-23022", "lastModified": "2021-06-23T15:22:46.847", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-10T16:15:08.033", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K08503505"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}