Lucene search
F5CVELIST:CVE-2021-22992HistoryMar 31, 2021 - 4:47 p.m.
CVE-2021-22992
2021-03-3116:47:05
f5
www.cve.org
5
big-ip
buffer overflow
dos attack
remote code execution
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
CNA Affected
[
{
"product": "BIG-IP Advanced WAF and BIG-IP ASM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, 11.6.x before 11.6.5.3"
}
]
}
]References
Related
nvd
nvd
CVE-2021-22992
2021-03-31 17:15:13
prion
prion
Buffer overflow
2021-03-31 17:15:00
checkpoint_advisories
checkpoint_advisories
F5 BIG-IP Buffer Overflow (CVE-2021-22992)
2021-03-14 00:00:00
nessus
nessus
cve
cve
CVE-2021-22992
2021-03-31 17:15:13
f5
f5
K52510511 : Advanced WAF/ASM buffer-overflow vulnerability CVE-2021-22992
2021-03-10 00:00:00
K02566623 : Overview of F5 vulnerabilities (March 2021)
2021-03-10 00:00:00
thn
thn
Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP!
2021-03-11 05:56:00
seebug
seebug
rapid7blog
rapid7blog
threatpost
threatpost
F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs
2021-03-11 14:21:50