Vulnerabilities > CVE-2021-23007 - Unspecified vulnerability in F5 products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

NVD

Published: 2021-03-31

Updated: 2021-04-06

Summary

On BIG-IP versions 14.1.4 and 16.0.1.1, when the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping all fragmented IP traffic. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Access Policy Manager 14.1.4 F5 BIG IP Access Policy Manager 16.0.1.1 F5 BIG IP Advanced Firewall Manager 14.1.4 F5 BIG IP Advanced Firewall Manager 16.0.1.1 F5 BIG IP Advanced WEB Application Firewall 14.1.4 F5 BIG IP Advanced WEB Application Firewall 16.0.1.1 F5 BIG IP Analytics 14.1.4 F5 BIG IP Analytics 16.0.1.1 F5 BIG IP Application Acceleration Manager 14.1.4 F5 BIG IP Application Acceleration Manager 16.0.1.1 F5 BIG IP Application Security Manager 14.1.4 F5 BIG IP Application Security Manager 16.0.1.1 F5 BIG IP Ddos Hybrid Defender 14.1.4 F5 BIG IP Ddos Hybrid Defender 16.0.1.1 F5 BIG IP Domain Name System 14.1.4 F5 BIG IP Domain Name System 16.0.1.1 F5 BIG IP Edge Gateway 14.1.4 F5 BIG IP Edge Gateway 16.0.1.1 F5 BIG IP Fraud Protection Service 14.1.4 F5 BIG IP Fraud Protection Service 16.0.1.1 F5 BIG IP Global Traffic Manager 14.1.4 F5 BIG IP Global Traffic Manager 16.0.1.1 F5 BIG IP Link Controller 14.1.4 F5 BIG IP Link Controller 16.0.1.1 F5 BIG IP Local Traffic Manager 14.1.4 F5 BIG IP Local Traffic Manager 16.0.1.1 F5 BIG IP Policy Enforcement Manager 14.1.4 F5 BIG IP Policy Enforcement Manager 16.0.1.1 F5 BIG IP SSL Orchestrator 14.1.4 F5 BIG IP SSL Orchestrator 16.0.1.1 F5 BIG IP Webaccelerator 14.1.4 F5 BIG IP Webaccelerator 16.0.1.1	32

References

https://support.f5.com/csp/article/K37451543