Lucene search

[email protected]CVE-2021-23000

HistoryMar 31, 2021 - 6:15 p.m.

CVE-2021-23000

2021-03-3118:15:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2021-23000

big-ip

tmm

security

afm

http

vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

41.7%

JSON

On BIG-IP versions 13.1.3.4-13.1.3.6 and 12.1.5.2, if the tmm.http.rfc.enforcement BigDB key is enabled in a BIG-IP system, or the Bad host header value is checked in the AFM HTTP security profile associated with a virtual server, in rare instances, a specific sequence of malicious requests may cause TMM to restart. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CPENameOperatorVersion
f5:ssl_orchestratorf5 ssl orchestratoreq12.1.5.2
f5:big-ip_policy_enforcement_managerf5 big-ip policy enforcement managereq12.1.5.2
f5:big-ip_local_traffic_managerf5 big-ip local traffic managereq12.1.5.2
f5:big-ip_link_controllerf5 big-ip link controllereq12.1.5.2
f5:big-ip_global_traffic_managerf5 big-ip global traffic managereq12.1.5.2
f5:big-ip_fraud_protection_servicef5 big-ip fraud protection serviceeq12.1.5.2
f5:big-ip_domain_name_systemf5 big-ip domain name systemeq12.1.5.2
f5:big-ip_ddos_hybrid_defenderf5 big-ip ddos hybrid defendereq12.1.5.2
f5:big-ip_application_security_managerf5 big-ip application security managereq12.1.5.2
f5:big-ip_application_acceleration_managerf5 big-ip application acceleration managereq12.1.5.2

CPE	Name	Operator	Version
f5:ssl_orchestrator	f5 ssl orchestrator	eq	12.1.5.2
f5:big-ip_policy_enforcement_manager	f5 big-ip policy enforcement manager	eq	12.1.5.2
f5:big-ip_local_traffic_manager	f5 big-ip local traffic manager	eq	12.1.5.2
f5:big-ip_link_controller	f5 big-ip link controller	eq	12.1.5.2
f5:big-ip_global_traffic_manager	f5 big-ip global traffic manager	eq	12.1.5.2
f5:big-ip_fraud_protection_service	f5 big-ip fraud protection service	eq	12.1.5.2
f5:big-ip_domain_name_system	f5 big-ip domain name system	eq	12.1.5.2
f5:big-ip_ddos_hybrid_defender	f5 big-ip ddos hybrid defender	eq	12.1.5.2
f5:big-ip_application_security_manager	f5 big-ip application security manager	eq	12.1.5.2
f5:big-ip_application_acceleration_manager	f5 big-ip application acceleration manager	eq	12.1.5.2

Rows per page:

1-10 of 281

References

support.f5.com/csp/article/K34441555

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

41.7%

JSON

Related for CVE-2021-23000

nessus1 prion1 f52