CVE-2021-22989: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

CVE-2021-22989 is an authenticated remote command execution vulnerability affecting F5's BIG-IP systems. The vulnerability exists in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned. This vulnerability affects BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3 (CVE Details).

The vulnerability has been assigned a CVSS v3.1 base score of 8.0, indicating a high severity level. It is an authenticated remote command execution vulnerability that affects the TMUI in Appliance mode specifically when Advanced WAF or BIG-IP ASM are provisioned. The vulnerability exists in undisclosed pages of the Configuration utility (Threatpost).

When successfully exploited, this vulnerability allows authenticated users with network access to the Configuration utility to execute arbitrary system commands, create or delete files, or disable services on the affected system (Rapid7).

F5 has released patches to address this vulnerability. Organizations are strongly encouraged to update their BIG-IP systems to a fixed version as soon as possible. For temporary mitigation, F5 recommends blocking iControl REST access through both the self IP address and the management interface (FortiGuard Labs).