
Advanced WAF and BIG-IP ASM vulnerability CVE-2021-23028

Description

When JSON content profiles are configured for URLs as part of an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy and applied to a virtual server, undisclosed requests may cause the BIG-IP ASM bd process to terminate. ([CVE-2021-23028](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23028>))

Impact

Traffic is disrupted while the BIG-IP ASM **bd** process restarts. This vulnerability allows a remote attacker to cause a denial-of-service (DoS) on the BIG-IP system. There is no control plane exposure; this is a data plane issue only.


Affected Software


CPE Name Name Version
big-ip (advanced waf. asm) 16.0.1
big-ip (advanced waf. asm) 15.1.1
big-ip (advanced waf. asm) 15.1.3
big-ip (advanced waf. asm) 14.1.3.1
big-ip (advanced waf. asm) 14.1.4.1
big-ip (advanced waf. asm) 13.1.3.5
big-ip (advanced waf. asm) 13.1.3.6
