F5 BIG-IP SSL Orchestrator Directory Traversal Vulnerability Allowing Arbitrary File Manipulation

Vulnerability

A directory traversal vulnerability in F5 BIG-IP SSL Orchestrator allows an authenticated attacker with high privileges to overwrite, delete, or corrupt arbitrary local files. The vulnerability affects specific versions of BIG-IP SSL Orchestrator that have not reached End of Technical Support (EoTS). The root cause is improper limitation of file path handling (a pathname that is not confined to its intended directory), which enables unauthorized file manipulation. This is a control plane issue only; there is no data plane exposure.
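The weakness class named above, "improper limitation of file path handling", is easiest to see as a small before-and-after. The following Python is an added, generic example and is not F5's code; the base directory and the sample inputs are constructed for illustration and are not paths from the advisory. It contrasts a naive join, which lets ".." segments and absolute paths escape the intended directory, with a confinement check that normalizes the candidate path and requires the base directory to be its common ancestor.

```python
import posixpath

# Constructed example directory; the advisory does not name the affected paths.
BASE_DIR = "/srv/app/data"


def naive_target(base: str, user_path: str) -> str:
    """The vulnerable pattern: join a user-supplied name onto the base directory
    with no containment check. '..' segments walk out of base, and an absolute
    user_path makes join() discard base entirely."""
    return posixpath.normpath(posixpath.join(base, user_path))


def confined_target(base: str, user_path: str) -> str:
    """Hardened version: normalize the candidate lexically, then require that the
    base directory is its common ancestor. Raises ValueError on any escape."""
    base_norm = posixpath.normpath(base)
    if not posixpath.isabs(base_norm):
        raise ValueError("base must be an absolute path")
    # Reject absolute user input outright; join() would otherwise drop base.
    if posixpath.isabs(user_path):
        raise ValueError(f"absolute path not allowed: {user_path!r}")
    candidate = posixpath.normpath(posixpath.join(base_norm, user_path))
    # commonpath compares whole path components, so '/srv/app/data2/x' is not
    # mistaken for a child of '/srv/app/data' the way str.startswith() would.
    if posixpath.commonpath([base_norm, candidate]) != base_norm:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def is_confined(base: str, user_path: str) -> bool:
    """Boolean wrapper around confined_target() for logging or policy checks."""
    try:
        confined_target(base, user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: one benign name, the rest traversal attempts.
    samples = [
        "reports/q1.txt",
        "reports/../archive/q1.txt",
        "../../../etc/passwd",
        "/etc/passwd",
        "../data2/x",
    ]
    for s in samples:
        print(f"{s!r:30} naive={naive_target(BASE_DIR, s)!r:32} "
              f"confined={is_confined(BASE_DIR, s)}")
```

The check is lexical: it uses posixpath so it behaves the same on any platform and never touches the filesystem. On a real system, symlinks inside the base directory can still point outside it, so a production implementation should additionally resolve the candidate with os.path.realpath() and re-run the same commonpath comparison against the resolved base.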

Impact

Successful exploitation allows overwriting, deletion, or corruption of local files, potentially leading to disruption of services or applications relying on those files.

Remediation

Users can upgrade to BIG-IP SSL Orchestrator versions 21.0.0.1, 17.5.1.4, or 17.1.3.1 to address this vulnerability. For more information on managing BIG-IP product hotfixes, refer to the F5 article K13123.

Added: May 13, 2026, 5:48 PM
Updated: May 13, 2026, 5:48 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 3.1
exploitability: 3.6
remediation: 7.9
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.