CVE-2021-23010F5 Big-ip Application Security Manager vulnerability

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 29.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 Big-ip Application Security ManagerBig-ip ASM Advanced WAF
Timeline
PublishedMay 10
Latest updateMay 24

Description

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-IP ASM bd process may produce a core file. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDf5/big-ip_application_security_manager12.1.012.1.5.3+4
CVEListV5big-ip_asm/advanced_waf16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3

🔴Vulnerability Details

2
GHSA
GHSA-x9xh-v7jc-6xqh: On versions 162022-05-24
CVEList
CVE-2021-23010: On versions 162021-05-10

📋Vendor Advisories

1
F5
CVE-2021-23010: On versions 162021-05-10
CVE-2021-23010 — F5 vulnerability | cvebase