CVE-2021-23009

Published May 10, 2021

Last updated 4 years ago

CVSS high 7.5

Overview

Description: On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Source: f5sirt@f5.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-835

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F04F2FB-12C2-4BC4-AFBB-9DA82E53D7EF",
            "versionEndExcluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7706F70-BF89-480E-9AA6-3FE447375138",
            "versionEndExcluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA17368C-7B1F-4B73-8296-3FC2656C0F04",
            "versionEndExcluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A84A8D4-9047-46D2-9C26-03C977D47AE4",
            "versionEndExcluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55E9A0EB-8118-400B-B901-80A8AAFC212F",
            "versionEndExcluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B9117DA-6AA9-4704-A092-B1D426E6370D",
            "versionEndExcluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EC583B6-59E2-431B-A574-0A700F5713A6",
            "versionEndExcluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AE6833C-FF7C-4249-BF98-453645EEF8D9",
            "versionEndExcluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06D8F5CC-FD05-42EA-A3F2-49BB4A5009F3",
            "versionEndExcluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51E3E0A3-8A75-43F8-8E8A-0C07345B88FD",
            "versionEndExcluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23CFD951-1C6F-4EE5-B8AA-06F29744F082",
            "versionEndExcluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BB77EFF-A064-4475-A93C-5D5BA9313724",
            "versionEndExcluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92C9E947-BEF9-44CF-B129-D2BC0ECD5588",
            "versionEndExcluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "40239D12-142E-4D36-A89E-0F7AB91B665A",
            "versionEndExcluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2E2832C-0C5D-4051-A85B-162C5BF11DEE",
            "versionEndExcluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87CA1319-92D4-4C2F-B5D4-A2E86F538007",
            "versionEndExcluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "247A56A6-5486-49C4-88B1-4251337044AB",
            "versionEndExcluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FE9EF68-055B-40B2-A676-C4C7FAAF77B3",
            "versionEndExcluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E599573-DAE5-4481-9BA0-7796D7101E67",
            "versionEndExcluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD28DA4B-F671-41B8-B231-24D28682FE8F",
            "versionEndExcluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D67E4394-E1CC-4492-95E7-DCDA13049517",
            "versionEndExcluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47980A60-F9B6-47EE-AD74-4D6D03A71AD0",
            "versionEndExcluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B6F6F41-B775-4A79-8284-C7BE0DA49DAA",
            "versionEndExcluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B0901863-B55A-4C97-B9AC-B537D242D2BF",
            "versionEndExcluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50D58AEB-BB36-45A9-99D7-DC028F900707",
            "versionEndExcluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85065C6E-71F2-42B8-A169-51174987B8AF",
            "versionEndExcluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F071628-CC1B-4465-933D-7E5302DCC3A2",
            "versionEndExcluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4ADE8D9-D1EF-4591-AB3C-93D06BE701EC",
            "versionEndExcluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References