CVE-2021-22995
published 2021-03-31CVE-2021-22995: On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of…
high7.5CVSS 3.1
AVNACLPRNUINSUCNIHAN
On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ high availability (HA) when using a Quorum device for automatic failover does not implement any form of authentication with the Corosync daemon. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-iq | — | — |
| f5 | big-iq_centralized_management | — | — |
| f5 | big-iq_centralized_management | 6.0.0 – 6.1.0 | — |
| f5 | big-iq_centralized_management | 7.0.0 – 7.1.0 | — |
| linux | linux_kernel | >= 0 < 5.4.0-173.191 | 5.4.0-173.191 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
osv5.5MEDIUM