ID

VAR-202103-0821


CVE

CVE-2021-23005


TITLE

BIG-IQ  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-005102

DESCRIPTION

On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. BIG-IQ contains an unspecified vulnerability. Information may be obtained and information may be tampered with. F5 BIG-IQ is a set of software-based cloud management solutions from F5 Corporation of the United States. The solution supports the deployment of application delivery and network services across public and private clouds, traditional data centers and hybrid environments.

Trust: 1.71

sources: NVD: CVE-2021-23005 // JVNDB: JVNDB-2021-005102 // VULHUB: VHN-381491

AFFECTED PRODUCTS

vendor: f5, model: big-iq centralized management, scope: gte, version: 6.0.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: lt, version: 8.0.0

Trust: 1.0

vendor: f5, model: big-iq centralized management, scope: eq, version: 7.x

Trust: 0.8

vendor: f5, model: big-iq centralized management, scope: eq, version: 6.x

Trust: 0.8

vendor: f5, model: big-iq centralized management, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-005102 // NVD: CVE-2021-23005

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-23005
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-23005
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202103-825
value: CRITICAL

Trust: 0.6

VULHUB: VHN-381491
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-23005
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-381491
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-23005
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-23005
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-381491 // JVNDB: JVNDB-2021-005102 // CNNVD: CNNVD-202103-825 // NVD: CVE-2021-23005

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-005102 // NVD: CVE-2021-23005

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-825

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202103-825

PATCH

title: K01243064, url: https://support.f5.com/csp/article/K01243064

Trust: 0.8

title: F5 BIG-IP Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=146567

Trust: 0.6

title: F5_Vulnerability, url: https://github.com/DNTYO/F5_Vulnerability

Trust: 0.1

sources: VULMON: CVE-2021-23005 // JVNDB: JVNDB-2021-005102 // CNNVD: CNNVD-202103-825

EXTERNAL IDS

db: NVD, id: CVE-2021-23005

Trust: 2.6

db: JVNDB, id: JVNDB-2021-005102

Trust: 0.8

db: CNNVD, id: CNNVD-202103-825

Trust: 0.7

db: AUSCERT, id: ESB-2021.0867

Trust: 0.6

db: VULHUB, id: VHN-381491

Trust: 0.1

db: VULMON, id: CVE-2021-23005

Trust: 0.1

sources: VULHUB: VHN-381491 // VULMON: CVE-2021-23005 // JVNDB: JVNDB-2021-005102 // CNNVD: CNNVD-202103-825 // NVD: CVE-2021-23005

REFERENCES

url: https://support.f5.com/csp/article/k01243064

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-23005

Trust: 1.4

url: https://www.auscert.org.au/bulletins/esb-2021.0867

Trust: 0.6

url: https://github.com/dntyo/f5_vulnerability

Trust: 0.1

sources: VULHUB: VHN-381491 // VULMON: CVE-2021-23005 // JVNDB: JVNDB-2021-005102 // CNNVD: CNNVD-202103-825 // NVD: CVE-2021-23005

SOURCES

db: VULHUB, id: VHN-381491
db: VULMON, id: CVE-2021-23005
db: JVNDB, id: JVNDB-2021-005102
db: CNNVD, id: CNNVD-202103-825
db: NVD, id: CVE-2021-23005

LAST UPDATE DATE

2024-11-23T22:47:40.963000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-381491, date: 2021-04-06T00:00:00
db: VULMON, id: CVE-2021-23005, date: 2021-04-06T00:00:00
db: JVNDB, id: JVNDB-2021-005102, date: 2021-12-07T09:09:00
db: CNNVD, id: CNNVD-202103-825, date: 2021-08-16T00:00:00
db: NVD, id: CVE-2021-23005, date: 2024-11-21T05:51:08.200

SOURCES RELEASE DATE

db: VULHUB, id: VHN-381491, date: 2021-03-31T00:00:00
db: VULMON, id: CVE-2021-23005, date: 2021-03-31T00:00:00
db: JVNDB, id: JVNDB-2021-005102, date: 2021-12-07T00:00:00
db: CNNVD, id: CNNVD-202103-825, date: 2021-03-11T00:00:00
db: NVD, id: CVE-2021-23005, date: 2021-03-31T18:15:15.567