F5 BIG-IP Configuration Utility Error Message Spoofing Vulnerability

Vulnerability

A vulnerability exists in an undisclosed BIG-IP Configuration utility page, potentially allowing an attacker to spoof error messages. This issue affects BIG-IP versions 16.1.0 to 16.1.6, 17.1.0 to 17.1.3, and all 21.x versions. The vulnerability arises from a user interface misrepresentation, where an attacker could trick authenticated BIG-IP users into clicking malicious links that reflect a fake error message in their BIG-IP Configuration utility web browser session.

Impact

Exploitation could lead to authenticated users being deceived by spoofed error messages, potentially causing confusion or misdirection during their session.

Remediation

Users can log off and close all instances of their web browser after using the BIG-IP Configuration utility. It is advised not to use the same browser for BIG-IP management and other internet activities. If both must be done on the same machine, use separate browsers.

Added: Feb 4, 2026, 3:29 PM
Updated: Feb 4, 2026, 4:54 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 0.2
exploitability: 5.4
remediation: 7.9
relevance: 2.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.