Lucene search
F5CVELIST:CVE-2021-23008HistoryMay 10, 2021 - 1:13 p.m.
CVE-2021-23008
2021-05-1013:13:35
f5
www.cve.org
7
big-ip
apm
authentication
bypass
vulnerability
On version 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD (Active Directory) authentication can be bypassed via a spoofed AS-REP (Kerberos Authentication Service Response) response sent over a hijacked KDC (Kerberos Key Distribution Center) connection or from an AD server compromised by an attacker. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CNA Affected
[
{
"product": "BIG-IP APM",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x."
}
]
}
]References
Related
nessus
nessus
F5 Networks BIG-IP : BIG-IP APM AD authentication vulnerability (K51213246)
2021-04-29 00:00:00
nvd
nvd
CVE-2021-23008
2021-05-10 14:15:07
cve
cve
CVE-2021-23008
2021-05-10 14:15:07
prion
prion
Authentication flaw
2021-05-10 14:15:00
f5
f5
K51213246 : BIG-IP APM AD authentication vulnerability CVE-2021-23008
2021-04-28 00:00:00
K96639388 : Overview of F5 vulnerabilities (April 2021)
2021-04-28 00:00:00
threatpost
threatpost
F5 Big-IP Vulnerable to Security-Bypass Bug
2021-04-29 20:04:55
Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices
2021-04-30 11:49:34
thn
thn
F5 BIG-IP Found Vulnerable to Kerberos KDC Spoofing Vulnerability
2021-04-28 13:00:00