cvelistv5 - cve-2021-23047

CVE-2021-23047 (GCVE-0-2021-23047)

Vulnerability from cvelistv5 – Published: 2021-09-14 13:26 – Updated: 2024-08-03 18:58

Summary

Severity ?

No CVSS data available.

CWE

CWE-400

Assigner

References

URL

Tags

https://support.f5.com/csp/article/K79428827

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	BIG-IP APM	Affected: 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:26.410Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K79428827"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIG-IP APM",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-14T13:26:50",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.f5.com/csp/article/K79428827"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2021-23047",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIG-IP APM",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K79428827",
              "refsource": "MISC",
              "url": "https://support.f5.com/csp/article/K79428827"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2021-23047",
    "datePublished": "2021-09-14T13:26:50",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:58:26.410Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.6.1\", \"versionEndIncluding\": \"11.6.5\", \"matchCriteriaId\": \"2FBA9552-4645-4BFF-91A4-47B6A3414325\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.1.0\", \"versionEndIncluding\": \"12.1.6\", \"matchCriteriaId\": \"DE2F2CB2-BE96-4DC8-B336-1E9A318B4604\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.1.0\", \"versionEndExcluding\": \"13.1.4\", \"matchCriteriaId\": \"0F975B09-678D-49A3-9BCE-C4F3BF45B0BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.1.0\", \"versionEndExcluding\": \"14.1.4.3\", \"matchCriteriaId\": \"8C66FD31-E9F8-44A4-9906-203C08F1A53D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"15.1.0\", \"versionEndExcluding\": \"15.1.3.1\", \"matchCriteriaId\": \"6E57675D-7F7C-45D3-B1E2-DFE28A077F1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.0.0\", \"versionEndIncluding\": \"16.0.1\", \"matchCriteriaId\": \"EB93F27C-BBDD-4A7E-932A-858C130F39F0\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"}, {\"lang\": \"es\", \"value\": \"En versiones 16.x anteriores a 16.1.0, versiones 15.1.x anteriores a 15.1.3.1, versiones 14.1.x anteriores a 14.1.4.3, y todas las versiones de 13.1.x, 12.1.x y 11.6.x, cuando BIG-IP APM lleva a cabo una comprobaci\\u00f3n del Online Certificate Status Protocol (OCSP) de un certificado que contiene Authority Information Access (AIA), las peticiones no divulgadas pueden causar un aumento del uso de memoria. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas\"}]",
      "id": "CVE-2021-23047",
      "lastModified": "2024-11-21T05:51:13.060",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-09-14T14:15:10.263",
      "references": "[{\"url\": \"https://support.f5.com/csp/article/K79428827\", \"source\": \"f5sirt@f5.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support.f5.com/csp/article/K79428827\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "f5sirt@f5.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"f5sirt@f5.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-23047\",\"sourceIdentifier\":\"f5sirt@f5.com\",\"published\":\"2021-09-14T14:15:10.263\",\"lastModified\":\"2024-11-21T05:51:13.060\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\"},{\"lang\":\"es\",\"value\":\"En versiones 16.x anteriores a 16.1.0, versiones 15.1.x anteriores a 15.1.3.1, versiones 14.1.x anteriores a 14.1.4.3, y todas las versiones de 13.1.x, 12.1.x y 11.6.x, cuando BIG-IP APM lleva a cabo una comprobaci\u00f3n del Online Certificate Status Protocol (OCSP) de un certificado que contiene Authority Information Access (AIA), las peticiones no divulgadas pueden causar un aumento del uso de memoria. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"f5sirt@f5.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.6.1\",\"versionEndIncluding\":\"11.6.5\",\"matchCriteriaId\":\"2FBA9552-4645-4BFF-91A4-47B6A3414325\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.1.0\",\"versionEndIncluding\":\"12.1.6\",\"matchCriteriaId\":\"DE2F2CB2-BE96-4DC8-B336-1E9A318B4604\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndExcluding\":\"13.1.4\",\"matchCriteriaId\":\"0F975B09-678D-49A3-9BCE-C4F3BF45B0BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.1.0\",\"versionEndExcluding\":\"14.1.4.3\",\"matchCriteriaId\":\"8C66FD31-E9F8-44A4-9906-203C08F1A53D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.1.0\",\"versionEndExcluding\":\"15.1.3.1\",\"matchCriteriaId\":\"6E57675D-7F7C-45D3-B1E2-DFE28A077F1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0.0\",\"versionEndIncluding\":\"16.0.1\",\"matchCriteriaId\":\"EB93F27C-BBDD-4A7E-932A-858C130F39F0\"}]}]}],\"references\":[{\"url\":\"https://support.f5.com/csp/article/K79428827\",\"source\":\"f5sirt@f5.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K79428827\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

GHSA-5CJP-4H3F-M7R2

Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-23047"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-14T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-5cjp-4h3f-m7r2",
  "modified": "2022-05-24T19:14:25Z",
  "published": "2022-05-24T19:14:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23047"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K79428827"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CNVD-2021-65639

Vulnerability from cnvd - Published: 2021-08-26

Title

F5 BIG IP APM OCSP拒绝服务漏洞

Description

F5 BIG-IP是F5公司的一款集成了网络流量编排、负载均衡、智能DNS，远程接入策略管理等功能的应用交付平台。 F5 BIG IP APM OCSP拒绝服务漏洞，当BIG-IP APM对包含授权信息访问 (AIA) 的证书执行OCSP 验证时，攻击者可利用该漏洞在BIG-IP系统上造成拒绝服务 (DoS)。

Severity

中

Patch Name

F5 BIG IP APM OCSP拒绝服务漏洞的补丁

Patch Description

F5 BIG-IP是F5公司的一款集成了网络流量编排、负载均衡、智能DNS，远程接入策略管理等功能的应用交付平台。 F5 BIG IP APM OCSP拒绝服务漏洞，当BIG-IP APM对包含授权信息访问 (AIA) 的证书执行OCSP 验证时，攻击者可利用该漏洞在BIG-IP系统上造成拒绝服务 (DoS)。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.f5.com/csp/article/K79428827

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23047

Impacted products

Name
F5 BIG-IP APM 16.0.0-16.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-23047"
    }
  },
  "description": "F5 BIG-IP\u662fF5\u516c\u53f8\u7684\u4e00\u6b3e\u96c6\u6210\u4e86\u7f51\u7edc\u6d41\u91cf\u7f16\u6392\u3001\u8d1f\u8f7d\u5747\u8861\u3001\u667a\u80fdDNS\uff0c\u8fdc\u7a0b\u63a5\u5165\u7b56\u7565\u7ba1\u7406\u7b49\u529f\u80fd\u7684\u5e94\u7528\u4ea4\u4ed8\u5e73\u53f0\u3002\n\nF5 BIG IP APM OCSP\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5f53BIG-IP APM\u5bf9\u5305\u542b\u6388\u6743\u4fe1\u606f\u8bbf\u95ee (AIA) \u7684\u8bc1\u4e66\u6267\u884cOCSP \u9a8c\u8bc1\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728BIG-IP\u7cfb\u7edf\u4e0a\u9020\u6210\u62d2\u7edd\u670d\u52a1\u00a0(DoS)\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.f5.com/csp/article/K79428827",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-65639",
  "openTime": "2021-08-26",
  "patchDescription": "F5 BIG-IP\u662fF5\u516c\u53f8\u7684\u4e00\u6b3e\u96c6\u6210\u4e86\u7f51\u7edc\u6d41\u91cf\u7f16\u6392\u3001\u8d1f\u8f7d\u5747\u8861\u3001\u667a\u80fdDNS\uff0c\u8fdc\u7a0b\u63a5\u5165\u7b56\u7565\u7ba1\u7406\u7b49\u529f\u80fd\u7684\u5e94\u7528\u4ea4\u4ed8\u5e73\u53f0\u3002\r\n\r\nF5 BIG IP APM OCSP\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u5f53BIG-IP APM\u5bf9\u5305\u542b\u6388\u6743\u4fe1\u606f\u8bbf\u95ee (AIA) \u7684\u8bc1\u4e66\u6267\u884cOCSP \u9a8c\u8bc1\u65f6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728BIG-IP\u7cfb\u7edf\u4e0a\u9020\u6210\u62d2\u7edd\u670d\u52a1\u00a0(DoS)\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "F5 BIG IP APM OCSP\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "F5 BIG-IP APM 16.0.0-16.0.1"
  },
  "referenceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-23047",
  "serverity": "\u4e2d",
  "submitTime": "2021-08-26",
  "title": "F5 BIG IP APM OCSP\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

VAR-202109-0785

Vulnerability from variot - Updated: 2023-12-18 10:46

On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP APM Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. F5 BIG-IP APM is a set of access and security solutions from F5 Corporation of the United States. The product provides unified access to business-critical applications and networks. F5 BIG-IP APM has a security vulnerability. The vulnerability stems from the fact that an attacker can cause a fatal error through OCSP Memory Use of F5 BIG-IP APM to trigger a denial of service

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-0785",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "13.1.4"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.6.5"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "12.1.6"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "11.6.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.4.3"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "f5",
        "version": "15.1.3.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "14.1.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.0.1"
      },
      {
        "model": "big-ip access policy manager",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "f5",
        "version": "16.0.0"
      },
      {
        "model": "big-ip access policy manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      },
      {
        "model": "big-ip access policy manager",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012086"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23047"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.6.5",
                "versionStartIncluding": "11.6.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.6",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1.4",
                "versionStartIncluding": "13.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.1.4.3",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.1.3.1",
                "versionStartIncluding": "15.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "16.0.1",
                "versionStartIncluding": "16.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-23047"
      }
    ]
  },
  "cve": "CVE-2021-23047",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-23047",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-381533",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2021-23047",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-23047",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-2252",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-381533",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-23047",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381533"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23047"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012086"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23047"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2252"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP APM Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. F5 BIG-IP APM is a set of access and security solutions from F5 Corporation of the United States. The product provides unified access to business-critical applications and networks. F5 BIG-IP APM has a security vulnerability. The vulnerability stems from the fact that an attacker can cause a fatal error through OCSP Memory Use of F5 BIG-IP APM to trigger a denial of service",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-23047"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012086"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-381533"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23047"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-23047",
        "trust": 3.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012086",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2252",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2869",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021083010",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-381533",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23047",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381533"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23047"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012086"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23047"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2252"
      }
    ]
  },
  "id": "VAR-202109-0785",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381533"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:46:44.841000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "K79428827",
        "trust": 0.8,
        "url": "https://support.f5.com/csp/article/k79428827"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012086"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-400",
        "trust": 1.1
      },
      {
        "problemtype": "Resource exhaustion (CWE-400) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381533"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012086"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23047"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.f5.com/csp/article/k79428827"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-23047"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021083010"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/f5-big-ip-apm-denial-of-service-via-ocsp-memory-use-36208"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2869"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/400.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-381533"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23047"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012086"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23047"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2252"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-381533"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-23047"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012086"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-23047"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2252"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381533"
      },
      {
        "date": "2021-09-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-23047"
      },
      {
        "date": "2022-08-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-012086"
      },
      {
        "date": "2021-09-14T14:15:10.263000",
        "db": "NVD",
        "id": "CVE-2021-23047"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-2252"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-381533"
      },
      {
        "date": "2021-09-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-23047"
      },
      {
        "date": "2022-08-23T08:45:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-012086"
      },
      {
        "date": "2021-09-27T16:36:54.417000",
        "db": "NVD",
        "id": "CVE-2021-23047"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-09-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-2252"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2252"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BIG-IP\u00a0APM\u00a0 Resource exhaustion vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-012086"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

CERTFR-2021-AVI-664

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans F5 BIG-IP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP versions 11.6.x antérieures à 11.6.5.3 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 13.1.x antérieures à 13.1.4.1
F5	BIG-IP	BIG-IP versions 14.1.x antérieures à 14.1.4.4
F5	BIG-IP	BIG-IP versions 16.0.x antérieures à 16.0.1.2 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 15.1.x antérieures à 15.1.3.1
F5	BIG-IP	BIG-IP versions 12.1.x antérieures à 12.1.6 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 16.1.x antérieures à 16.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K05043394 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K05314769 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K44553214 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K41351250 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K42051445 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K24301698 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K70415522 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K94941221 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K65397301 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K93231374 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K94255403 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K01153535 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K42526507 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K19012930 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K52420610 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K79428827 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K45407662 du 24 août 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP versions 11.6.x ant\u00e9rieures \u00e0 11.6.5.3 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 13.1.x ant\u00e9rieures \u00e0 13.1.4.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 14.1.x ant\u00e9rieures \u00e0 14.1.4.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.0.x ant\u00e9rieures \u00e0 16.0.1.2 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 15.1.x ant\u00e9rieures \u00e0 15.1.3.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 12.1.x ant\u00e9rieures \u00e0 12.1.6 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.1.x ant\u00e9rieures \u00e0 16.1.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-23049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23049"
    },
    {
      "name": "CVE-2021-23035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23035"
    },
    {
      "name": "CVE-2021-23032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23032"
    },
    {
      "name": "CVE-2021-23051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23051"
    },
    {
      "name": "CVE-2021-23044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23044"
    },
    {
      "name": "CVE-2021-23027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23027"
    },
    {
      "name": "CVE-2021-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23048"
    },
    {
      "name": "CVE-2021-23050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23050"
    },
    {
      "name": "CVE-2021-23031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23031"
    },
    {
      "name": "CVE-2021-23046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23046"
    },
    {
      "name": "CVE-2021-23045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23045"
    },
    {
      "name": "CVE-2021-23040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23040"
    },
    {
      "name": "CVE-2021-23029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23029"
    },
    {
      "name": "CVE-2021-23036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23036"
    },
    {
      "name": "CVE-2021-23030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23030"
    },
    {
      "name": "CVE-2021-23033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23033"
    },
    {
      "name": "CVE-2021-23047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23047"
    },
    {
      "name": "CVE-2021-23043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23043"
    },
    {
      "name": "CVE-2021-23037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23037"
    },
    {
      "name": "CVE-2021-23041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23041"
    },
    {
      "name": "CVE-2021-23042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23042"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-664",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-08-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K05043394 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K05043394"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K05314769 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K05314769"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K44553214 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K44553214"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K41351250 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K41351250"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K42051445 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K42051445"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K24301698 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K24301698"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K70415522 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K70415522"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K94941221 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K94941221"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K65397301 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K65397301"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K93231374 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K93231374"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K94255403 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K94255403"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K01153535 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K01153535"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K42526507 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K42526507"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K19012930 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K19012930"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K52420610 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K52420610"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K79428827 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K79428827"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K45407662 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K45407662"
    }
  ]
}

CERTFR-2021-AVI-664

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP versions 11.6.x antérieures à 11.6.5.3 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 13.1.x antérieures à 13.1.4.1
F5	BIG-IP	BIG-IP versions 14.1.x antérieures à 14.1.4.4
F5	BIG-IP	BIG-IP versions 16.0.x antérieures à 16.0.1.2 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 15.1.x antérieures à 15.1.3.1
F5	BIG-IP	BIG-IP versions 12.1.x antérieures à 12.1.6 (toutes les vulnérabilités affectant cette version ne sont pas corrigées)
F5	BIG-IP	BIG-IP versions 16.1.x antérieures à 16.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K05043394 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K05314769 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K44553214 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K41351250 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K42051445 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K24301698 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K70415522 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K94941221 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K65397301 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K93231374 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K94255403 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K01153535 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K42526507 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K19012930 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K52420610 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K79428827 du 24 août 2021	None	vendor-advisory
Bulletin de sécurité F5 K45407662 du 24 août 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP versions 11.6.x ant\u00e9rieures \u00e0 11.6.5.3 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 13.1.x ant\u00e9rieures \u00e0 13.1.4.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 14.1.x ant\u00e9rieures \u00e0 14.1.4.4",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.0.x ant\u00e9rieures \u00e0 16.0.1.2 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 15.1.x ant\u00e9rieures \u00e0 15.1.3.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 12.1.x ant\u00e9rieures \u00e0 12.1.6 (toutes les vuln\u00e9rabilit\u00e9s affectant cette version ne sont pas corrig\u00e9es)",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP versions 16.1.x ant\u00e9rieures \u00e0 16.1.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-23049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23049"
    },
    {
      "name": "CVE-2021-23035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23035"
    },
    {
      "name": "CVE-2021-23032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23032"
    },
    {
      "name": "CVE-2021-23051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23051"
    },
    {
      "name": "CVE-2021-23044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23044"
    },
    {
      "name": "CVE-2021-23027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23027"
    },
    {
      "name": "CVE-2021-23048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23048"
    },
    {
      "name": "CVE-2021-23050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23050"
    },
    {
      "name": "CVE-2021-23031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23031"
    },
    {
      "name": "CVE-2021-23046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23046"
    },
    {
      "name": "CVE-2021-23045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23045"
    },
    {
      "name": "CVE-2021-23040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23040"
    },
    {
      "name": "CVE-2021-23029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23029"
    },
    {
      "name": "CVE-2021-23036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23036"
    },
    {
      "name": "CVE-2021-23030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23030"
    },
    {
      "name": "CVE-2021-23033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23033"
    },
    {
      "name": "CVE-2021-23047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23047"
    },
    {
      "name": "CVE-2021-23043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23043"
    },
    {
      "name": "CVE-2021-23037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23037"
    },
    {
      "name": "CVE-2021-23041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23041"
    },
    {
      "name": "CVE-2021-23042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23042"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-664",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-08-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K05043394 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K05043394"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K05314769 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K05314769"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K44553214 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K44553214"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K41351250 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K41351250"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K42051445 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K42051445"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K24301698 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K24301698"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K70415522 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K70415522"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K94941221 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K94941221"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K65397301 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K65397301"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K93231374 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K93231374"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K94255403 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K94255403"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K01153535 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K01153535"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K42526507 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K42526507"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K19012930 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K19012930"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K52420610 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K52420610"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K79428827 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K79428827"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K45407662 du 24 ao\u00fbt 2021",
      "url": "https://support.f5.com/csp/article/K45407662"
    }
  ]
}

FKIE_CVE-2021-23047

Vulnerability from fkie_nvd - Published: 2021-09-14 14:15 - Updated: 2024-11-21 05:51

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

	URL	Tags
	f5sirt@f5.com	https://support.f5.com/csp/article/K79428827	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K79428827	Vendor Advisory

Impacted products

Vendor	Product	Version
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBA9552-4645-4BFF-91A4-47B6A3414325",
              "versionEndIncluding": "11.6.5",
              "versionStartIncluding": "11.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE2F2CB2-BE96-4DC8-B336-1E9A318B4604",
              "versionEndIncluding": "12.1.6",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F975B09-678D-49A3-9BCE-C4F3BF45B0BB",
              "versionEndExcluding": "13.1.4",
              "versionStartIncluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C66FD31-E9F8-44A4-9906-203C08F1A53D",
              "versionEndExcluding": "14.1.4.3",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E57675D-7F7C-45D3-B1E2-DFE28A077F1E",
              "versionEndExcluding": "15.1.3.1",
              "versionStartIncluding": "15.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB93F27C-BBDD-4A7E-932A-858C130F39F0",
              "versionEndIncluding": "16.0.1",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
    },
    {
      "lang": "es",
      "value": "En versiones 16.x anteriores a 16.1.0, versiones 15.1.x anteriores a 15.1.3.1, versiones 14.1.x anteriores a 14.1.4.3, y todas las versiones de 13.1.x, 12.1.x y 11.6.x, cuando BIG-IP APM lleva a cabo una comprobaci\u00f3n del Online Certificate Status Protocol (OCSP) de un certificado que contiene Authority Information Access (AIA), las peticiones no divulgadas pueden causar un aumento del uso de memoria. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas"
    }
  ],
  "id": "CVE-2021-23047",
  "lastModified": "2024-11-21T05:51:13.060",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-14T14:15:10.263",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K79428827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K79428827"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "f5sirt@f5.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2021-23047

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-23047

Aliases

CVE-2021-23047

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-23047",
    "description": "On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
    "id": "GSD-2021-23047"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-23047"
      ],
      "details": "On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
      "id": "GSD-2021-23047",
      "modified": "2023-12-13T01:23:29.854480Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "f5sirt@f5.com",
        "ID": "CVE-2021-23047",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BIG-IP APM",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-400"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.f5.com/csp/article/K79428827",
            "refsource": "MISC",
            "url": "https://support.f5.com/csp/article/K79428827"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.6.5",
                "versionStartIncluding": "11.6.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "12.1.6",
                "versionStartIncluding": "12.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1.4",
                "versionStartIncluding": "13.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.1.4.3",
                "versionStartIncluding": "14.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.1.3.1",
                "versionStartIncluding": "15.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "16.0.1",
                "versionStartIncluding": "16.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2021-23047"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "On version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.3, and all versions of 13.1.x, 12.1.x and 11.6.x, when BIG-IP APM performs Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA), undisclosed requests may cause an increase in memory use. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K79428827",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K79428827"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2021-09-27T16:36Z",
      "publishedDate": "2021-09-14T14:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-23047 (GCVE-0-2021-23047)

GHSA-5CJP-4H3F-M7R2

CNVD-2021-65639

VAR-202109-0785

CERTFR-2021-AVI-664

Solution

CERTFR-2021-AVI-664

Solution

FKIE_CVE-2021-23047

GSD-2021-23047

Tags

Sightings

Nomenclature