CVE-2021-22988: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

CVE-2021-22988 is an authenticated remote command execution vulnerability affecting the Traffic Management User Interface (TMUI), also known as the Configuration utility, in F5's BIG-IP systems. The vulnerability affects multiple versions including 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3. The vulnerability was disclosed on March 10, 2021 (Rapid7 Blog).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability exists in undisclosed pages of the TMUI interface and requires authentication for exploitation. The attack vector is network-accessible, with low attack complexity, requiring low privileges and no user interaction (NVD).

If successfully exploited, this vulnerability could allow an authenticated attacker to execute arbitrary commands on the affected BIG-IP system, potentially leading to complete system compromise. The vulnerability affects confidentiality, integrity, and availability of the system, all rated as High in the CVSS scoring (NVD).

F5 has released patched versions to address this vulnerability. Organizations should upgrade to version 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, or 11.6.5.3 depending on their current version track (NVD).