Vulnerability Category: Local
Vulnerability Severity:
Vulnerability Information
The Access Policy Manager customization configuration section does not properly validate file types or file contents when uploading files. A remote authenticated user can upload files to the target system. This can be exploited by users with Application Editor or higher privileges to gain elevated privileges.
Affected Versions:
BIG-IP ASM 11.6.0
BIG-IP ASM 11.5.0 - 11.5.3
BIG-IP ASM 11.3.0 - 11.4.1 HF9
BIG-IP ASM 11.0.0 - 11.2.1 HF15
Impact
An authenticated attacker may upload files to the BIG-IP system. Privilege escalation may occur when an attacker authenticates with at least Application Editor privileges.
Solution
Customers are advised to refer to SOL12401251 for updates pertaining to this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities: