Vulnerabilities > CVE-2021-23000 - Unspecified vulnerability in F5 products

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

NVD

Published: 2021-03-31

Updated: 2021-04-05

Summary

On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Access Policy Manager 12.1.5.2 F5 BIG IP Access Policy Manager 13.1.3.4 F5 BIG IP Advanced Firewall Manager 12.1.5.2 F5 BIG IP Advanced Firewall Manager 13.1.3.4 F5 BIG IP Advanced WEB Application Firewall 12.1.5.2 F5 BIG IP Advanced WEB Application Firewall 13.1.3.4 F5 BIG IP Analytics 12.1.5.2 F5 BIG IP Analytics 13.1.3.4 F5 BIG IP Application Acceleration Manager 12.1.5.2 F5 BIG IP Application Acceleration Manager 13.1.3.4 F5 BIG IP Application Security Manager 12.1.5.2 F5 BIG IP Application Security Manager 13.1.3.4 F5 BIG IP Ddos Hybrid Defender 12.1.5.2 F5 BIG IP Ddos Hybrid Defender 13.1.3.4 F5 BIG IP Domain Name System 12.1.5.2 F5 BIG IP Domain Name System 13.1.3.4 F5 BIG IP Fraud Protection Service 12.1.5.2 F5 BIG IP Fraud Protection Service 13.1.3.4 F5 BIG IP Global Traffic Manager 12.1.5.2 F5 BIG IP Global Traffic Manager 13.1.3.4 F5 BIG IP Link Controller 12.1.5.2 F5 BIG IP Link Controller 13.1.3.4 F5 BIG IP Local Traffic Manager 12.1.5.2 F5 BIG IP Local Traffic Manager 13.1.3.4 F5 BIG IP Policy Enforcement Manager 12.1.5.2 F5 BIG IP Policy Enforcement Manager 13.1.3.4 F5 SSL Orchestrator 12.1.5.2 F5 SSL Orchestrator 13.1.3.4	28

References

https://support.f5.com/csp/article/K34441555