漏洞类别:Local
漏洞等级: 
漏洞信息
BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command execution on the BIG-IP system.
Affected Versions:
BIG-IP ASM 12.1.0 - 12.1.0 HF1
BIG-IP ASM 12.0.0 - 12.0.0 HF3
BIG-IP ASM 11.6.1
BIG-IP ASM 11.6.0 - 11.6.0 HF7
BIG-IP ASM 11.5.2 - 11.5.4 HF1
BIG-IP ASM 11.5.0 - 11.5.1 HF10
NOTE: Only virtual servers with configurations using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable.
漏洞危害
Successful exploitation allows an unauthenticated, remote attacker to modify BIG-IP system configuration, extract sensitive system files, or execute arbitrary code on the targeted BIG-IP system.
解决方案
Customers are advised to refer to SOL35520031 for updates pertaining to this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论