Lucene search

[email protected]NVD:CVE-2021-22981

HistoryFeb 12, 2021 - 6:15 p.m.

CVE-2021-22981

2021-02-1218:15:12

[email protected]

web.nvd.nist.gov

big-ip

tls

vulnerability

negotiation

rfc 7627

man-in-the-middle

eosd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

28.7%

JSON

On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during renegotiation. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Affected configurations

Nvd

Node

f5big-ip_access_policy_managerRange11.6.1–11.6.5

f5big-ip_access_policy_managerRange12.1.0–12.1.5

f5big-ip_advanced_firewall_managerRange11.6.1–11.6.5

f5big-ip_advanced_firewall_managerRange12.1.0–12.1.5

f5big-ip_advanced_web_application_firewallRange11.6.1–11.6.5

f5big-ip_advanced_web_application_firewallRange12.1.0–12.1.5

f5big-ip_analyticsRange11.6.1–11.6.5

f5big-ip_analyticsRange12.1.0–12.1.5

f5big-ip_application_acceleration_managerRange11.6.1–11.6.5

f5big-ip_application_acceleration_managerRange12.1.0–12.1.5

f5big-ip_application_security_managerRange11.6.1–11.6.5

f5big-ip_application_security_managerRange12.1.0–12.1.5

f5big-ip_ddos_hybrid_defenderRange11.6.1–11.6.5

f5big-ip_ddos_hybrid_defenderRange12.1.0–12.1.5

f5big-ip_domain_name_systemRange11.6.1–11.6.5

f5big-ip_domain_name_systemRange12.1.0–12.1.5

f5big-ip_fraud_protection_serviceRange11.6.1–11.6.5

f5big-ip_fraud_protection_serviceRange12.1.0–12.1.5

f5big-ip_global_traffic_managerRange11.6.1–11.6.5

f5big-ip_global_traffic_managerRange12.1.0–12.1.5

f5big-ip_link_controllerRange11.6.1–11.6.5

f5big-ip_link_controllerRange12.1.0–12.1.5

f5big-ip_local_traffic_managerRange11.6.1–11.6.5

f5big-ip_local_traffic_managerRange12.1.0–12.1.5

f5big-ip_policy_enforcement_managerRange11.6.1–11.6.5

f5big-ip_policy_enforcement_managerRange12.1.0–12.1.5

f5big-ip_ssl_orchestratorRange11.6.1–11.6.5

f5big-ip_ssl_orchestratorRange12.1.0–12.1.5

VendorProductVersionCPE
f5big-ip_access_policy_manager*cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*
f5big-ip_advanced_firewall_manager*cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*
f5big-ip_advanced_web_application_firewall*cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*
f5big-ip_analytics*cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*
f5big-ip_application_acceleration_manager*cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*
f5big-ip_application_security_manager*cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*
f5big-ip_ddos_hybrid_defender*cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*
f5big-ip_domain_name_system*cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*
f5big-ip_fraud_protection_service*cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*
f5big-ip_global_traffic_manager*cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
f5	big-ip_access_policy_manager	*	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
f5	big-ip_advanced_firewall_manager	*	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
f5	big-ip_advanced_web_application_firewall	*	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
f5	big-ip_analytics	*	cpe:2.3:a:f5:big-ip_analytics::::::::
f5	big-ip_application_acceleration_manager	*	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
f5	big-ip_application_security_manager	*	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
f5	big-ip_ddos_hybrid_defender	*	cpe:2.3:a:f5:big-ip_ddos_hybrid_defender::::::::
f5	big-ip_domain_name_system	*	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
f5	big-ip_fraud_protection_service	*	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
f5	big-ip_global_traffic_manager	*	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::

Rows per page:

1-10 of 141

References

support.f5.com/csp/article/K09121542

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

28.7%

JSON

Related for NVD:CVE-2021-22981

nessus1 cvelist1 f51 prion1 cve1