Key Vulnerability Information from the Screenshot Vulnerability ID: K45056101, CVE-2021-22990 Description: - The Traffic Management User Interface (TMUI) or Configuration utility on systems with Advanced WAF or BIG-IP ASM has an authenticated remote command execution vulnerability. - Only highly privileged authenticated users with specific roles can exploit it via the BIG-IP management port or self IP addresses. Impact: - Allows execution of arbitrary system commands, file manipulation, and service management. - Primary threat of complete system compromise. Products Affected: - BIG-IP (Advanced WAF and ASM) versions 16.0.0 - 16.0.1, 15.1.0 - 15.1.2, 14.1.0 - 14.1.3, 13.1.0 - 13.1.3, 12.1.0 - 12.1.5, 11.6.1 - 11.6.5 - Severity: Medium, CVSSv3 Score: 6.6 Mitigation: - No viable mitigation while allowing legitimate user access; removing access for untrusted users is recommended. - Temporary mitigations involve blocking configuration utility access through self IP addresses and the management interface. Fixes Introduced: - Detailed updates for impacted BIG-IP versions listed in the screenshot. - Public cloud users advised to use the latest BIG-IP VE releases. Additional Notes: - Other modules of BIG-IP and BIG-IQ Centralized Management are not vulnerable. - Related vulnerability documents for context and additional security measures are available.