Sign-up

ID

VAR-202105-0645


CVE

CVE-2021-23010


TITLE

BIG-IP ASM  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-006799

DESCRIPTION

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-IP ASM bd process may produce a core file. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP ASM Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. F5 BIG-IP ASM is a Web Application Firewall (WAF) of F5 Corporation in the United States, which provides secure remote access, protects emails, simplifies Web access control, and enhances network and application performance. BIG-IP ASM has an input validation error vulnerability due to insufficient validation of user-supplied input. The following products and versions are affected: BIG-IP ASM: 12.1.0, 12.1.0 HF1, 12.1.1, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2 , 12.1.3.4, 12.1.4, 12.1.5, 12.1.5.1, 12.1.5.2, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.6, 13.1.0.8, 13.1 .1, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.4, 14.1.0, 14.1.0.3.0.79.6 ENG Hotfix, 14.1.0.3.0.97.6 ENG Hotfix, 14.1.0.3 .0.99.6 ENG Hotfix, 14.1.0.5.0.15.5 ENG Hotfix, 14.1.0.5.0.36.5 ENG Hotfix, 14.1.0.5.0.40.5 ENG Hotfix, 14.1.0.6, 14.1.0.6.0.11.9 ENG Hotfix , 14.1.0.6.0.14.9 ENG Hotfix, 14.1.0.6.0.68.9 ENG Hotfix, 14.1.0.6.0.70.9 ENG Hotfix, 14.1.1, 14.1.2, 14.1.2-0.89.37, 14.1.2.0 .11.37 ENG Hotfix, 14.1.2.0.18.37 ENG Hotfix, 14.1.2.0.32.37 ENG Hotfix, 14.1.2.1, 14.1.2.1.0.14.4 ENG Hotfix, 14.1.2.1

Trust: 2.34

sources: NVD: CVE-2021-23010 // JVNDB: JVNDB-2021-006799 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-381496 // VULMON: CVE-2021-23010

AFFECTED PRODUCTS

vendor:f5model:big-ip application security managerscope:lteversion:13.1.3.5

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:15.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:13.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:16.0.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:14.1.3.1

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:12.1.5.3

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:15.1.2

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:14.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:gteversion:12.1.0

Trust: 1.0

vendor:f5model:big-ip application security managerscope:lteversion:16.0.1.1

Trust: 1.0

vendor:f5model:big-ip application security managerscope:ltversion:16.0.x

Trust: 0.8

vendor:f5model:big-ip application security managerscope:ltversion:13.1.x

Trust: 0.8

vendor:f5model:big-ip application security managerscope:eqversion:16.0.1.1

Trust: 0.8

vendor:f5model:big-ip application security managerscope:eqversion:12.1.5.3

Trust: 0.8

vendor:f5model:big-ip application security managerscope:ltversion:15.1.x

Trust: 0.8

vendor:f5model:big-ip application security managerscope:eqversion:15.1.2

Trust: 0.8

vendor:f5model:big-ip application security managerscope:eqversion: -

Trust: 0.8

vendor:f5model:big-ip application security managerscope:ltversion:12.1.x

Trust: 0.8

vendor:f5model:big-ip application security managerscope:ltversion:14.1.x

Trust: 0.8

vendor:f5model:big-ip application security managerscope:eqversion:14.1.3.1

Trust: 0.8

vendor:f5model:big-ip application security managerscope:eqversion:13.1.3.5

Trust: 0.8

sources: JVNDB: JVNDB-2021-006799 // NVD: CVE-2021-23010

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-23010
value: HIGH

Trust: 1.0

NVD: CVE-2021-23010
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-2135
value: HIGH

Trust: 0.6

VULHUB: VHN-381496
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-23010
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-23010
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-381496
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-23010
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-23010
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-381496 // VULMON: CVE-2021-23010 // JVNDB: JVNDB-2021-006799 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2135 // NVD: CVE-2021-23010

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-006799 // NVD: CVE-2021-23010

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2135

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:K18570111url:https://support.f5.com/csp/article/K18570111

Trust: 0.8

title:F5 BIG-IP ASM Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151190

Trust: 0.6

sources: JVNDB: JVNDB-2021-006799 // CNNVD: CNNVD-202104-2135

EXTERNAL IDS

db:NVDid:CVE-2021-23010

Trust: 3.4

db:JVNDBid:JVNDB-2021-006799

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021042914

Trust: 0.6

db:AUSCERTid:ESB-2021.1451

Trust: 0.6

db:CNNVDid:CNNVD-202104-2135

Trust: 0.6

db:VULHUBid:VHN-381496

Trust: 0.1

db:VULMONid:CVE-2021-23010

Trust: 0.1

sources: VULHUB: VHN-381496 // VULMON: CVE-2021-23010 // JVNDB: JVNDB-2021-006799 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2135 // NVD: CVE-2021-23010

REFERENCES

url:https://support.f5.com/csp/article/k18570111

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-23010

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1451

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042914

Trust: 0.6

url:https://vigilance.fr/vulnerability/f5-big-ip-denial-of-service-via-websocket-35193

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-381496 // VULMON: CVE-2021-23010 // JVNDB: JVNDB-2021-006799 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-2135 // NVD: CVE-2021-23010

SOURCES

db:VULHUBid:VHN-381496
db:VULMONid:CVE-2021-23010
db:JVNDBid:JVNDB-2021-006799
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202104-2135
db:NVDid:CVE-2021-23010

LAST UPDATE DATE

2024-08-14T12:30:43.302000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-381496date:2021-05-19T00:00:00
db:VULMONid:CVE-2021-23010date:2021-05-19T00:00:00
db:JVNDBid:JVNDB-2021-006799date:2022-01-20T07:25:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202104-2135date:2021-05-20T00:00:00
db:NVDid:CVE-2021-23010date:2021-05-19T18:16:44.553

SOURCES RELEASE DATE

db:VULHUBid:VHN-381496date:2021-05-10T00:00:00
db:VULMONid:CVE-2021-23010date:2021-05-10T00:00:00
db:JVNDBid:JVNDB-2021-006799date:2022-01-20T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202104-2135date:2021-04-29T00:00:00
db:NVDid:CVE-2021-23010date:2021-05-10T15:15:07.397