cvelistv5 - cve-2021-23035

CVE-2021-23035 (GCVE-0-2021-23035)

Vulnerability from cvelistv5 – Published: 2021-09-14 17:21 – Updated: 2024-08-03 18:58

Summary

Severity ?

No CVSS data available.

CWE

CWE-20

Assigner

References

URL

Tags

https://support.f5.com/csp/article/K70415522

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	BIG-IP	Affected: 14.1.x before 14.1.4.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:26.304Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K70415522"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIG-IP",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "14.1.x before 14.1.4.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-14T17:21:06",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.f5.com/csp/article/K70415522"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2021-23035",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIG-IP",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "14.1.x before 14.1.4.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K70415522",
              "refsource": "MISC",
              "url": "https://support.f5.com/csp/article/K70415522"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2021-23035",
    "datePublished": "2021-09-14T17:21:06",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:58:26.304Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.4.4\", \"matchCriteriaId\": \"57BF961E-F508-4B88-BEE7-CA84C4DD8DDB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.4.4\", \"matchCriteriaId\": \"31ADCFCE-75CA-40AD-B1BC-D24E119C0052\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.4.4\", \"matchCriteriaId\": \"562755C9-B818-404F-96AE-E44D212E5FB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.4.4\", \"matchCriteriaId\": \"42F753E8-CC9F-4A81-9285-365A62E1A27B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.4.4\", \"matchCriteriaId\": \"58696320-F6FB-4957-B84C-D340D6C03BFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.4.4\", \"matchCriteriaId\": \"71F2AF64-968C-4301-BDF4-DE213BC7BF52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.4.4\", \"matchCriteriaId\": \"9BB6D1E6-D194-4748-BC22-B485DDA6441C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.4.4\", \"matchCriteriaId\": \"48905AB6-C837-4D7E-80B4-5DFDC9E10711\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.4.4\", \"matchCriteriaId\": \"2D8A0D69-A87A-446D-9292-2453DA10DDF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.4.4\", \"matchCriteriaId\": \"3C8CB42C-CF6A-4222-ACCE-E3B3E667705E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndIncluding\": \"14.1.4.4\", \"matchCriteriaId\": \"A2030A3D-4A6A-4AA2-AFF5-CF8F4FEBE5D2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"}, {\"lang\": \"es\", \"value\": \"En BIG-IP versiones 14.1.x anteriores a 14.1.4.4, cuando se configura un perfil HTTP en un servidor virtual, despu\\u00e9s de una secuencia espec\\u00edfica de paquetes, las respuestas en trozos pueden causar la terminaci\\u00f3n del Traffic Management Microkernel (TMM). Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas\"}]",
      "id": "CVE-2021-23035",
      "lastModified": "2024-11-21T05:51:11.607",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-09-14T18:15:08.243",
      "references": "[{\"url\": \"https://support.f5.com/csp/article/K70415522\", \"source\": \"f5sirt@f5.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://support.f5.com/csp/article/K70415522\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "f5sirt@f5.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"f5sirt@f5.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-23035\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2021-09-14T18:15:08.243\",\"lastModified\":\"2024-11-21T05:51:11.607\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"},{\"lang\":\"es\",\"value\":\"En BIG-IP versiones 14.1.x anteriores a 14.1.4.4, cuando se configura un perfil HTTP en un servidor virtual, despu\u00e9s de una secuencia espec\u00edfica de paquetes, las respuestas en trozos pueden causar la terminaci\u00f3n del Traffic Management Microkernel (TMM). Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.4.4\",\"matchCriteriaId\":\"57BF961E-F508-4B88-BEE7-CA84C4DD8DDB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.4.4\",\"matchCriteriaId\":\"31ADCFCE-75CA-40AD-B1BC-D24E119C0052\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.4.4\",\"matchCriteriaId\":\"562755C9-B818-404F-96AE-E44D212E5FB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.4.4\",\"matchCriteriaId\":\"42F753E8-CC9F-4A81-9285-365A62E1A27B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.4.4\",\"matchCriteriaId\":\"58696320-F6FB-4957-B84C-D340D6C03BFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.4.4\",\"matchCriteriaId\":\"71F2AF64-968C-4301-BDF4-DE213BC7BF52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.4.4\",\"matchCriteriaId\":\"9BB6D1E6-D194-4748-BC22-B485DDA6441C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.4.4\",\"matchCriteriaId\":\"48905AB6-C837-4D7E-80B4-5DFDC9E10711\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.4.4\",\"matchCriteriaId\":\"2D8A0D69-A87A-446D-9292-2453DA10DDF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.4.4\",\"matchCriteriaId\":\"3C8CB42C-CF6A-4222-ACCE-E3B3E667705E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndIncluding\":\"14.1.4.4\",\"matchCriteriaId\":\"A2030A3D-4A6A-4AA2-AFF5-CF8F4FEBE5D2\"}]}]}],\"references\":[{\"url\":\"https://support.f5.com/csp/article/K70415522\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K70415522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}"
  }
}

FKIE_CVE-2021-23035

Vulnerability from fkie_nvd - Published: 2021-09-14 18:15 - Updated: 2024-11-21 05:51

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	f5sirt@f5.com	https://support.f5.com/csp/article/K70415522	Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K70415522	Mitigation, Vendor Advisory

Impacted products

Vendor	Product	Version
f5	big-ip_access_policy_manager	*
f5	big-ip_advanced_firewall_manager	*
f5	big-ip_analytics	*
f5	big-ip_application_acceleration_manager	*
f5	big-ip_application_security_manager	*
f5	big-ip_domain_name_system	*
f5	big-ip_fraud_protection_service	*
f5	big-ip_global_traffic_manager	*
f5	big-ip_link_controller	*
f5	big-ip_local_traffic_manager	*
f5	big-ip_policy_enforcement_manager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BF961E-F508-4B88-BEE7-CA84C4DD8DDB",
              "versionEndIncluding": "14.1.4.4",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "31ADCFCE-75CA-40AD-B1BC-D24E119C0052",
              "versionEndIncluding": "14.1.4.4",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "562755C9-B818-404F-96AE-E44D212E5FB0",
              "versionEndIncluding": "14.1.4.4",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42F753E8-CC9F-4A81-9285-365A62E1A27B",
              "versionEndIncluding": "14.1.4.4",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58696320-F6FB-4957-B84C-D340D6C03BFC",
              "versionEndIncluding": "14.1.4.4",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F2AF64-968C-4301-BDF4-DE213BC7BF52",
              "versionEndIncluding": "14.1.4.4",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BB6D1E6-D194-4748-BC22-B485DDA6441C",
              "versionEndIncluding": "14.1.4.4",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48905AB6-C837-4D7E-80B4-5DFDC9E10711",
              "versionEndIncluding": "14.1.4.4",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D8A0D69-A87A-446D-9292-2453DA10DDF7",
              "versionEndIncluding": "14.1.4.4",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C8CB42C-CF6A-4222-ACCE-E3B3E667705E",
              "versionEndIncluding": "14.1.4.4",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2030A3D-4A6A-4AA2-AFF5-CF8F4FEBE5D2",
              "versionEndIncluding": "14.1.4.4",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
    },
    {
      "lang": "es",
      "value": "En BIG-IP versiones 14.1.x anteriores a 14.1.4.4, cuando se configura un perfil HTTP en un servidor virtual, despu\u00e9s de una secuencia espec\u00edfica de paquetes, las respuestas en trozos pueden causar la terminaci\u00f3n del Traffic Management Microkernel (TMM). Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas"
    }
  ],
  "id": "CVE-2021-23035",
  "lastModified": "2024-11-21T05:51:11.607",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-14T18:15:08.243",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K70415522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K70415522"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "f5sirt@f5.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2021-65648

Vulnerability from cnvd - Published: 2021-08-26

Title

F5 BIG-IP TMM拒绝服务漏洞（CNVD-2021-65648）

Description

F5 BIG-IP是F5公司的一款集成了网络流量编排、负载均衡、智能DNS，远程接入策略管理等功能的应用交付平台。 F5 BIG-IP TMM存在拒绝服务漏洞，该漏洞源于在Virtual Server上关联了HTTP配置文件的情况下，在特定的数据包序列之后，chunked responses可能导致TMM终止。当TMM进程重新启动时，流量中断，攻击者可利用该漏洞在BIG-IP系统上造成拒绝服务 (DoS)。

Severity

高

Patch Name

F5 BIG-IP TMM拒绝服务漏洞（CNVD-2021-65648）的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.f5.com/csp/article/K70415522

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23035

Impacted products

Name
F5 BIG-IP (所有模块) 14.1.0-14.1.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-23035"
    }
  },
  "description": "F5 BIG-IP\u662fF5\u516c\u53f8\u7684\u4e00\u6b3e\u96c6\u6210\u4e86\u7f51\u7edc\u6d41\u91cf\u7f16\u6392\u3001\u8d1f\u8f7d\u5747\u8861\u3001\u667a\u80fdDNS\uff0c\u8fdc\u7a0b\u63a5\u5165\u7b56\u7565\u7ba1\u7406\u7b49\u529f\u80fd\u7684\u5e94\u7528\u4ea4\u4ed8\u5e73\u53f0\u3002\n\nF5 BIG-IP TMM\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728Virtual Server\u4e0a\u5173\u8054\u4e86HTTP\u914d\u7f6e\u6587\u4ef6\u7684\u60c5\u51b5\u4e0b\uff0c\u5728\u7279\u5b9a\u7684\u6570\u636e\u5305\u5e8f\u5217\u4e4b\u540e\uff0cchunked responses\u53ef\u80fd\u5bfc\u81f4TMM\u7ec8\u6b62\u3002\u5f53TMM\u8fdb\u7a0b\u91cd\u65b0\u542f\u52a8\u65f6\uff0c\u6d41\u91cf\u4e2d\u65ad\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728BIG-IP\u7cfb\u7edf\u4e0a\u9020\u6210\u62d2\u7edd\u670d\u52a1\u00a0(DoS)\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.f5.com/csp/article/K70415522",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-65648",
  "openTime": "2021-08-26",
  "patchDescription": "F5 BIG-IP\u662fF5\u516c\u53f8\u7684\u4e00\u6b3e\u96c6\u6210\u4e86\u7f51\u7edc\u6d41\u91cf\u7f16\u6392\u3001\u8d1f\u8f7d\u5747\u8861\u3001\u667a\u80fdDNS\uff0c\u8fdc\u7a0b\u63a5\u5165\u7b56\u7565\u7ba1\u7406\u7b49\u529f\u80fd\u7684\u5e94\u7528\u4ea4\u4ed8\u5e73\u53f0\u3002\r\n\r\nF5 BIG-IP TMM\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728Virtual Server\u4e0a\u5173\u8054\u4e86HTTP\u914d\u7f6e\u6587\u4ef6\u7684\u60c5\u51b5\u4e0b\uff0c\u5728\u7279\u5b9a\u7684\u6570\u636e\u5305\u5e8f\u5217\u4e4b\u540e\uff0cchunked responses\u53ef\u80fd\u5bfc\u81f4TMM\u7ec8\u6b62\u3002\u5f53TMM\u8fdb\u7a0b\u91cd\u65b0\u542f\u52a8\u65f6\uff0c\u6d41\u91cf\u4e2d\u65ad\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728BIG-IP\u7cfb\u7edf\u4e0a\u9020\u6210\u62d2\u7edd\u670d\u52a1\u00a0(DoS)\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "F5 BIG-IP TMM\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2021-65648\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "F5 BIG-IP (\u6240\u6709\u6a21\u5757) 14.1.0-14.1.4"
  },
  "referenceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23035",
  "serverity": "\u9ad8",
  "submitTime": "2021-08-26",
  "title": "F5 BIG-IP TMM\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2021-65648\uff09"
}

GHSA-498V-8JR7-2HV8

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-23035"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-14T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-498v-8jr7-2hv8",
  "modified": "2022-05-24T19:14:23Z",
  "published": "2022-05-24T19:14:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23035"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K70415522"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2021-23035

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-23035

Aliases

CVE-2021-23035

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-23035",
    "description": "On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
    "id": "GSD-2021-23035"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-23035"
      ],
      "details": "On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
      "id": "GSD-2021-23035",
      "modified": "2023-12-13T01:23:30.195540Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "f5sirt@f5.com",
        "ID": "CVE-2021-23035",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BIG-IP",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "14.1.x before 14.1.4.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.f5.com/csp/article/K70415522",
            "refsource": "MISC",
            "url": "https://support.f5.com/csp/article/K70415522"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2021-23035"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K70415522",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K70415522"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-09-27T16:09Z",
      "publishedDate": "2021-09-14T18:15Z"
    }
  }
}

VAR-202109-0533

Vulnerability from variot - Updated: 2023-12-18 11:32

On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. plural F5 Networks There are unspecified vulnerabilities in the product.Service operation interruption (DoS) It may be in a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. The vulnerability stems from the fact that an attacker can cause a fatal error through F5 BIG-IP's HTTP configuration file chunked response to trigger a denial of service

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0533",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-ip link controller",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.4.4"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.4.4"
      },
      {
        "model": "big-ip application security manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.4.4"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip analytics",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.4.4"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.4.4"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip fraud protection service",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.4.4"
      },
      {
        "model": "big-ip global traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.4.4"
      },
      {
        "model": "big-ip local traffic manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.4.4"
      },
      {
        "model": "big-ip link controller",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.4.4"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.4.4"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip domain name system",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.4.4"
      },
      {
        "model": "big-ip analytics",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip application security manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip fraud protection service",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip domain name system",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip global traffic manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip local traffic manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip link controller",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip advanced firewall manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip analytics",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip access policy manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip policy enforcement manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip application acceleration manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012067"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23035"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "14.1.4.4",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-23035"
      }
    ]
  },
  "cve": "CVE-2021-23035",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-23035",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-381521",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-23035",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-23035",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-1987",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-381521",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-23035",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381521"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23035"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012067"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1987"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "On BIG-IP 14.1.x before 14.1.4.4, when an HTTP profile is configured on a virtual server, after a specific sequence of packets, chunked responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. plural F5 Networks There are unspecified vulnerabilities in the product.Service operation interruption (DoS) It may be in a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. The vulnerability stems from the fact that an attacker can cause a fatal error through F5 BIG-IP\u0027s HTTP configuration file chunked response to trigger a denial of service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-23035"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012067"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381521"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23035"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-23035",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012067",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1987",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2868",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-381521",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23035",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381521"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23035"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012067"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1987"
      }
    ]
  },
  "id": "VAR-202109-0533",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381521"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:32:55.962000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "K70415522",
        "trust": 0.8,
        "url": "https://support.f5.com/csp/article/k70415522"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012067"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012067"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23035"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.f5.com/csp/article/k70415522"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23035"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/f5-big-ip-denial-of-service-via-http-profile-chunked-responses-36191"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2868"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381521"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23035"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012067"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1987"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-381521"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23035"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012067"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23035"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1987"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381521"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-23035"
      },
      {
        "date": "2022-08-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-012067"
      },
      {
        "date": "2021-09-14T18:15:08.243000",
        "db": "NVD",
        "id": "CVE-2021-23035"
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-1987"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381521"
      },
      {
        "date": "2021-09-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-23035"
      },
      {
        "date": "2022-08-23T05:35:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-012067"
      },
      {
        "date": "2021-09-27T16:09:24.503000",
        "db": "NVD",
        "id": "CVE-2021-23035"
      },
      {
        "date": "2021-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-1987"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1987"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural \u00a0F5\u00a0Networks\u00a0 Product vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012067"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-1987"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2021-AVI-664

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans F5 BIG-IP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP versions 11.6.x antérieures à 11.6.5.3 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 13.1.x antérieures à 13.1.4.1
F5	BIG-IP	BIG-IP versions 14.1.x antérieures à 14.1.4.4
F5	BIG-IP	BIG-IP versions 16.0.x antérieures à 16.0.1.2 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 15.1.x antérieures à 15.1.3.1
F5	BIG-IP	BIG-IP versions 12.1.x antérieures à 12.1.6 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 16.1.x antérieures à 16.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K05043394 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K05314769 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K44553214 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K41351250 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K42051445 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K24301698 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K70415522 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K94941221 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K65397301 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K93231374 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K94255403 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K01153535 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K42526507 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K19012930 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K52420610 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K79428827 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K45407662 du 24 août 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP versions 11.6.x ant\u00e9rieures \u00e0 11.6.5.3 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 13.1.x ant\u00e9rieures \u00e0 13.1.4.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 14.1.x ant\u00e9rieures \u00e0 14.1.4.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.0.x ant\u00e9rieures \u00e0 16.0.1.2 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 15.1.x ant\u00e9rieures \u00e0 15.1.3.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 12.1.x ant\u00e9rieures \u00e0 12.1.6 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.1.x ant\u00e9rieures \u00e0 16.1.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-23049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23049"
    },
    {
      "name": "CVE-2021-23035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23035"
    },
    {
      "name": "CVE-2021-23032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23032"
    },
    {
      "name": "CVE-2021-23051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23051"
    },
    {
      "name": "CVE-2021-23044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23044"
    },
    {
      "name": "CVE-2021-23027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23027"
    },
    {
      "name": "CVE-2021-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23048"
    },
    {
      "name": "CVE-2021-23050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23050"
    },
    {
      "name": "CVE-2021-23031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23031"
    },
    {
      "name": "CVE-2021-23046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23046"
    },
    {
      "name": "CVE-2021-23045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23045"
    },
    {
      "name": "CVE-2021-23040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23040"
    },
    {
      "name": "CVE-2021-23029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23029"
    },
    {
      "name": "CVE-2021-23036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23036"
    },
    {
      "name": "CVE-2021-23030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23030"
    },
    {
      "name": "CVE-2021-23033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23033"
    },
    {
      "name": "CVE-2021-23047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23047"
    },
    {
      "name": "CVE-2021-23043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23043"
    },
    {
      "name": "CVE-2021-23037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23037"
    },
    {
      "name": "CVE-2021-23041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23041"
    },
    {
      "name": "CVE-2021-23042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23042"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-664",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-08-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K05043394 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K05043394"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K05314769 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K05314769"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K44553214 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K44553214"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K41351250 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K41351250"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K42051445 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K42051445"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K24301698 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K24301698"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K70415522 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K70415522"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K94941221 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K94941221"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K65397301 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K65397301"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K93231374 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K93231374"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K94255403 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K94255403"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K01153535 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K01153535"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K42526507 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K42526507"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K19012930 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K19012930"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K52420610 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K52420610"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K79428827 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K79428827"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K45407662 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K45407662"
    }
  ]
}

CERTFR-2021-AVI-664

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP versions 11.6.x antérieures à 11.6.5.3 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 13.1.x antérieures à 13.1.4.1
F5	BIG-IP	BIG-IP versions 14.1.x antérieures à 14.1.4.4
F5	BIG-IP	BIG-IP versions 16.0.x antérieures à 16.0.1.2 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 15.1.x antérieures à 15.1.3.1
F5	BIG-IP	BIG-IP versions 12.1.x antérieures à 12.1.6 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 16.1.x antérieures à 16.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K05043394 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K05314769 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K44553214 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K41351250 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K42051445 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K24301698 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K70415522 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K94941221 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K65397301 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K93231374 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K94255403 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K01153535 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K42526507 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K19012930 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K52420610 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K79428827 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K45407662 du 24 août 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP versions 11.6.x ant\u00e9rieures \u00e0 11.6.5.3 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 13.1.x ant\u00e9rieures \u00e0 13.1.4.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 14.1.x ant\u00e9rieures \u00e0 14.1.4.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.0.x ant\u00e9rieures \u00e0 16.0.1.2 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 15.1.x ant\u00e9rieures \u00e0 15.1.3.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 12.1.x ant\u00e9rieures \u00e0 12.1.6 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.1.x ant\u00e9rieures \u00e0 16.1.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-23049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23049"
    },
    {
      "name": "CVE-2021-23035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23035"
    },
    {
      "name": "CVE-2021-23032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23032"
    },
    {
      "name": "CVE-2021-23051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23051"
    },
    {
      "name": "CVE-2021-23044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23044"
    },
    {
      "name": "CVE-2021-23027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23027"
    },
    {
      "name": "CVE-2021-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23048"
    },
    {
      "name": "CVE-2021-23050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23050"
    },
    {
      "name": "CVE-2021-23031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23031"
    },
    {
      "name": "CVE-2021-23046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23046"
    },
    {
      "name": "CVE-2021-23045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23045"
    },
    {
      "name": "CVE-2021-23040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23040"
    },
    {
      "name": "CVE-2021-23029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23029"
    },
    {
      "name": "CVE-2021-23036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23036"
    },
    {
      "name": "CVE-2021-23030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23030"
    },
    {
      "name": "CVE-2021-23033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23033"
    },
    {
      "name": "CVE-2021-23047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23047"
    },
    {
      "name": "CVE-2021-23043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23043"
    },
    {
      "name": "CVE-2021-23037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23037"
    },
    {
      "name": "CVE-2021-23041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23041"
    },
    {
      "name": "CVE-2021-23042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23042"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-664",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-08-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K05043394 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K05043394"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K05314769 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K05314769"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K44553214 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K44553214"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K41351250 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K41351250"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K42051445 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K42051445"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K24301698 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K24301698"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K70415522 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K70415522"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K94941221 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K94941221"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K65397301 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K65397301"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K93231374 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K93231374"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K94255403 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K94255403"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K01153535 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K01153535"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K42526507 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K42526507"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K19012930 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K19012930"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K52420610 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K52420610"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K79428827 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K79428827"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K45407662 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K45407662"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-23035 (GCVE-0-2021-23035)

FKIE_CVE-2021-23035

CNVD-2021-65648

GHSA-498V-8JR7-2HV8

GSD-2021-23035

VAR-202109-0533

CERTFR-2021-AVI-664

Solution

CERTFR-2021-AVI-664

Solution

Tags

Sightings

Nomenclature