CVE-2021-23030

Published Sep 14, 2021

Last updated 3 years ago

CVSS high 7.5

Overview

Description: On BIG-IP Advanced WAF and BIG-IP ASM version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, 13.1.x before 13.1.4.1, and all versions of 12.1.x, when a WebSocket profile is configured on a virtual server, undisclosed requests can cause bd to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Source: f5sirt@f5.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-20
f5sirt@f5.com: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB47609C-87B6-4471-A5BD-CD942598BCB9",
            "versionEndIncluding": "12.1.6",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4C23715-2E2A-4FC6-8303-007AA2355779",
            "versionEndIncluding": "13.1.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2A1BB14-BEB5-43DD-878D-83E51FBFD4E0",
            "versionEndIncluding": "14.1.4",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56D19CAF-676D-4029-91C4-80140C4C4416",
            "versionEndIncluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D3877DD-4285-4EA1-9E76-A7EF48B0B1B5",
            "versionEndIncluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1849279E-9FB1-4D6A-8386-337F7DF151DF",
            "versionEndIncluding": "12.1.6",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D17DCE22-99F8-422C-A414-86CFA78BA425",
            "versionEndIncluding": "13.1.4",
            "versionStartIncluding": "13.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15EB0439-9C16-45C2-895D-44D6ED1A028A",
            "versionEndIncluding": "14.1.4",
            "versionStartIncluding": "14.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2408EED7-CFDF-414C-82DB-FA9541DE2138",
            "versionEndIncluding": "15.1.3",
            "versionStartIncluding": "15.1.0"
          },
          {
            "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C19CC5B0-63A3-454E-B0F4-9F4A6D176567",
            "versionEndIncluding": "16.0.1.1",
            "versionStartIncluding": "16.0.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References