Vulnerabilities > CVE-2021-23009 - Infinite Loop vulnerability in F5 products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

CWE-835

NVD

Published: 2021-05-10

Updated: 2021-05-21

Summary

On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerable Configurations

Part	Description	Count
Application	F5 F5 BIG IP Access Policy Manager 15.1.0 F5 BIG IP Access Policy Manager 15.1.0.1 F5 BIG IP Access Policy Manager 15.1.0.2 F5 BIG IP Access Policy Manager 15.1.0.3 F5 BIG IP Access Policy Manager 15.1.0.4 F5 BIG IP Access Policy Manager 15.1.0.5 F5 BIG IP Access Policy Manager 15.1.1 F5 BIG IP Access Policy Manager 15.1.2 F5 BIG IP Access Policy Manager 15.1.2.1 F5 BIG IP Access Policy Manager 16.0.0 F5 BIG IP Access Policy Manager 16.0.1 F5 BIG IP Advanced Firewall Manager 15.1.0 F5 BIG IP Advanced Firewall Manager 15.1.0.1 F5 BIG IP Advanced Firewall Manager 15.1.0.2 F5 BIG IP Advanced Firewall Manager 15.1.0.3 F5 BIG IP Advanced Firewall Manager 15.1.0.4 F5 BIG IP Advanced Firewall Manager 15.1.0.5 F5 BIG IP Advanced Firewall Manager 15.1.1 F5 BIG IP Advanced Firewall Manager 15.1.2 F5 BIG IP Advanced Firewall Manager 15.1.2.1 F5 BIG IP Advanced Firewall Manager 16.0.0 F5 BIG IP Advanced Firewall Manager 16.0.1 F5 BIG IP Advanced WEB Application Firewall 15.1.0 F5 BIG IP Advanced WEB Application Firewall 15.1.0.2 F5 BIG IP Advanced WEB Application Firewall 15.1.0.4 F5 BIG IP Advanced WEB Application Firewall 15.1.0.5 F5 BIG IP Advanced WEB Application Firewall 15.1.1 F5 BIG IP Advanced WEB Application Firewall 15.1.2 F5 BIG IP Advanced WEB Application Firewall 15.1.2.1 F5 BIG IP Advanced WEB Application Firewall 16.0.0 F5 BIG IP Advanced WEB Application Firewall 16.0.1 F5 BIG IP Analytics 15.1.0 F5 BIG IP Analytics 15.1.0.1 F5 BIG IP Analytics 15.1.0.2 F5 BIG IP Analytics 15.1.0.3 F5 BIG IP Analytics 15.1.0.4 F5 BIG IP Analytics 15.1.0.5 F5 BIG IP Analytics 15.1.1 F5 BIG IP Analytics 15.1.2 F5 BIG IP Analytics 15.1.2.1 F5 BIG IP Analytics 16.0.0 F5 BIG IP Analytics 16.0.1 F5 BIG IP Application Acceleration Manager 15.1.0 F5 BIG IP Application Acceleration Manager 15.1.0.1 F5 BIG IP Application Acceleration Manager 15.1.0.2 F5 BIG IP Application Acceleration Manager 15.1.0.3 F5 BIG IP Application Acceleration Manager 15.1.0.4 F5 BIG IP Application Acceleration Manager 15.1.0.5 F5 BIG IP Application Acceleration Manager 15.1.1 F5 BIG IP Application Acceleration Manager 15.1.2 F5 BIG IP Application Acceleration Manager 15.1.2.1 F5 BIG IP Application Acceleration Manager 16.0.0 F5 BIG IP Application Acceleration Manager 16.0.1 F5 BIG IP Application Security Manager 15.1.0 F5 BIG IP Application Security Manager 15.1.0.1 F5 BIG IP Application Security Manager 15.1.0.2 F5 BIG IP Application Security Manager 15.1.0.3 F5 BIG IP Application Security Manager 15.1.0.4 F5 BIG IP Application Security Manager 15.1.0.5 F5 BIG IP Application Security Manager 15.1.1 F5 BIG IP Application Security Manager 15.1.2 F5 BIG IP Application Security Manager 15.1.2.1 F5 BIG IP Application Security Manager 16.0.0 F5 BIG IP Application Security Manager 16.0.1 F5 BIG IP Application Security Manager 16.0.1.1 F5 BIG IP Domain Name System 16.0.0 F5 BIG IP Domain Name System 16.0.1 F5 BIG IP Domain Name System 15.1.0 F5 BIG IP Domain Name System 15.1.0.1 F5 BIG IP Domain Name System 15.1.0.2 F5 BIG IP Domain Name System 15.1.0.3 F5 BIG IP Domain Name System 15.1.0.4 F5 BIG IP Domain Name System 15.1.0.5 F5 BIG IP Domain Name System 15.1.1 F5 BIG IP Domain Name System 15.1.2 F5 BIG IP Domain Name System 15.1.2.1 F5 BIG IP Global Traffic Manager 16.0.0 F5 BIG IP Global Traffic Manager 16.0.1 F5 BIG IP Global Traffic Manager 15.1.0 F5 BIG IP Global Traffic Manager 15.1.0.1 F5 BIG IP Global Traffic Manager 15.1.0.2 F5 BIG IP Global Traffic Manager 15.1.0.3 F5 BIG IP Global Traffic Manager 15.1.0.4 F5 BIG IP Global Traffic Manager 15.1.0.5 F5 BIG IP Global Traffic Manager 15.1.1 F5 BIG IP Global Traffic Manager 15.1.2 F5 BIG IP Global Traffic Manager 15.1.2.1 F5 BIG IP Fraud Protection Service 16.0.0 F5 BIG IP Fraud Protection Service 16.0.1 F5 BIG IP Fraud Protection Service 15.1.0 F5 BIG IP Fraud Protection Service 15.1.0.1 F5 BIG IP Fraud Protection Service 15.1.0.2 F5 BIG IP Fraud Protection Service 15.1.0.3 F5 BIG IP Fraud Protection Service 15.1.0.4 F5 BIG IP Fraud Protection Service 15.1.0.5 F5 BIG IP Fraud Protection Service 15.1.1 F5 BIG IP Fraud Protection Service 15.1.2 F5 BIG IP Fraud Protection Service 15.1.2.1 F5 BIG IP Link Controller 16.0.0 F5 BIG IP Link Controller 16.0.1 F5 BIG IP Link Controller 15.1.0 F5 BIG IP Link Controller 15.1.0.1 F5 BIG IP Link Controller 15.1.0.2 F5 BIG IP Link Controller 15.1.0.3 F5 BIG IP Link Controller 15.1.0.4 F5 BIG IP Link Controller 15.1.0.5 F5 BIG IP Link Controller 15.1.1 F5 BIG IP Link Controller 15.1.2 F5 BIG IP Link Controller 15.1.2.1 F5 BIG IP Local Traffic Manager 16.0.0 F5 BIG IP Local Traffic Manager 16.0.1 F5 BIG IP Local Traffic Manager 15.1.0 F5 BIG IP Local Traffic Manager 15.1.0.1 F5 BIG IP Local Traffic Manager 15.1.0.2 F5 BIG IP Local Traffic Manager 15.1.0.3 F5 BIG IP Local Traffic Manager 15.1.0.4 F5 BIG IP Local Traffic Manager 15.1.0.5 F5 BIG IP Local Traffic Manager 15.1.1 F5 BIG IP Local Traffic Manager 15.1.2 F5 BIG IP Local Traffic Manager 15.1.2.1 F5 BIG IP Policy Enforcement Manager 16.0.0 F5 BIG IP Policy Enforcement Manager 16.0.1 F5 BIG IP Policy Enforcement Manager 15.1.0 F5 BIG IP Policy Enforcement Manager 15.1.0.1 F5 BIG IP Policy Enforcement Manager 15.1.0.2 F5 BIG IP Policy Enforcement Manager 15.1.0.3 F5 BIG IP Policy Enforcement Manager 15.1.0.4 F5 BIG IP Policy Enforcement Manager 15.1.0.5 F5 BIG IP Policy Enforcement Manager 15.1.1 F5 BIG IP Policy Enforcement Manager 15.1.2 F5 BIG IP Policy Enforcement Manager 15.1.2.1 F5 BIG IP Ddos Hybrid Defender 16.0.0 F5 BIG IP Ddos Hybrid Defender 16.0.1 F5 BIG IP Ddos Hybrid Defender 15.1.0 F5 BIG IP Ddos Hybrid Defender 15.1.0.2 F5 BIG IP Ddos Hybrid Defender 15.1.0.4 F5 BIG IP Ddos Hybrid Defender 15.1.0.5 F5 BIG IP Ddos Hybrid Defender 15.1.1 F5 BIG IP Ddos Hybrid Defender 15.1.2 F5 BIG IP Ddos Hybrid Defender 15.1.2.1 F5 BIG IP SSL Orchestrator 16.0.0 F5 BIG IP SSL Orchestrator 16.0.1 F5 BIG IP SSL Orchestrator 15.1.0 F5 BIG IP SSL Orchestrator 15.1.0.4 F5 BIG IP SSL Orchestrator 15.1.1 F5 BIG IP SSL Orchestrator 15.1.2 F5 BIG IP SSL Orchestrator 15.1.2.1	147

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://support.f5.com/csp/article/K90603426