{ "id": "CVE-2021-23009", "sourceIdentifier": "f5sirt@f5.com", "published": "2021-05-10T15:15:07.360", "lastModified": "2021-05-21T13:51:27.047", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "On BIG-IP version 16.0.x before 16.0.1.1 and 15.1.x before 15.1.3, malformed HTTP/2 requests may cause an infinite loop which causes a Denial of Service for Data Plane traffic. TMM takes the configured HA action when the TMM process is aborted. There is no control plane exposure, this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated." }, { "lang": "es", "value": "En BIG-IP versi\u00f3n 16.0.x anterior a 16.0.1.1 y 15.1.x anterior a 15.1.3, las peticiones HTTP/2 malformadas pueden causar un bucle infinito que provoca una Denegaci\u00f3n de Servicio para el Data Plane traffic. TMM toma la acci\u00f3n HA configurada cuando se cancela el proceso de TMM. No existe exposici\u00f3n del plano de control, esto es solo un problema del plano de datos. Nota: No se eval\u00faan las versiones de software que hayan alcanzado el End of Technical Support (EoTS)" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-835" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.3", "matchCriteriaId": "5F04F2FB-12C2-4BC4-AFBB-9DA82E53D7EF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1.1", "matchCriteriaId": "A7706F70-BF89-480E-9AA6-3FE447375138" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.3", "matchCriteriaId": "FA17368C-7B1F-4B73-8296-3FC2656C0F04" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1.1", "matchCriteriaId": "0A84A8D4-9047-46D2-9C26-03C977D47AE4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.3", "matchCriteriaId": "55E9A0EB-8118-400B-B901-80A8AAFC212F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1.1", "matchCriteriaId": "6B9117DA-6AA9-4704-A092-B1D426E6370D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.3", "matchCriteriaId": "3EC583B6-59E2-431B-A574-0A700F5713A6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1.1", "matchCriteriaId": "4AE6833C-FF7C-4249-BF98-453645EEF8D9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.3", "matchCriteriaId": "06D8F5CC-FD05-42EA-A3F2-49BB4A5009F3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1.1", "matchCriteriaId": "51E3E0A3-8A75-43F8-8E8A-0C07345B88FD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.3", "matchCriteriaId": "23CFD951-1C6F-4EE5-B8AA-06F29744F082" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1.1", "matchCriteriaId": "7BB77EFF-A064-4475-A93C-5D5BA9313724" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.3", "matchCriteriaId": "92C9E947-BEF9-44CF-B129-D2BC0ECD5588" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ddos_hybrid_defender:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1.1", "matchCriteriaId": "40239D12-142E-4D36-A89E-0F7AB91B665A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.3", "matchCriteriaId": "E2E2832C-0C5D-4051-A85B-162C5BF11DEE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1.1", "matchCriteriaId": "87CA1319-92D4-4C2F-B5D4-A2E86F538007" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.3", "matchCriteriaId": "247A56A6-5486-49C4-88B1-4251337044AB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1.1", "matchCriteriaId": "7FE9EF68-055B-40B2-A676-C4C7FAAF77B3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.3", "matchCriteriaId": "9E599573-DAE5-4481-9BA0-7796D7101E67" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1.1", "matchCriteriaId": "BD28DA4B-F671-41B8-B231-24D28682FE8F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.3", "matchCriteriaId": "D67E4394-E1CC-4492-95E7-DCDA13049517" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1.1", "matchCriteriaId": "47980A60-F9B6-47EE-AD74-4D6D03A71AD0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.3", "matchCriteriaId": "1B6F6F41-B775-4A79-8284-C7BE0DA49DAA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1.1", "matchCriteriaId": "B0901863-B55A-4C97-B9AC-B537D242D2BF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.3", "matchCriteriaId": "50D58AEB-BB36-45A9-99D7-DC028F900707" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1.1", "matchCriteriaId": "85065C6E-71F2-42B8-A169-51174987B8AF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.1.0", "versionEndExcluding": "15.1.3", "matchCriteriaId": "2F071628-CC1B-4465-933D-7E5302DCC3A2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:f5:big-ip_ssl_orchestrator:*:*:*:*:*:*:*:*", "versionStartIncluding": "16.0.0", "versionEndExcluding": "16.0.1.1", "matchCriteriaId": "E4ADE8D9-D1EF-4591-AB3C-93D06BE701EC" } ] } ] } ], "references": [ { "url": "https://support.f5.com/csp/article/K90603426", "source": "f5sirt@f5.com", "tags": [ "Vendor Advisory" ] } ] }