7.1.0.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2021-03-31

Updated: 2021-04-06

Summary

On all 7.x versions (fixed in 8.0.0), when set up for auto failover, a BIG-IQ Data Collection Device (DCD) cluster member that receives an undisclosed message may cause the corosync process to abort. This behavior may lead to a denial-of-service (DoS) and impact the stability of a BIG-IQ high availability (HA) cluster. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IQ Centralized Management 7.0.0 F5 BIG IQ Centralized Management 7.1.0 F5 BIG IQ Centralized Management 7.1.0.1	3

References

https://support.f5.com/csp/article/K16352404