CVE-2021-22981

Severity

48%

Complexity

22%

Confidentiality

41%

On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during renegotiation. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS 3.1 Base Score 4.8. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N).

Overview

Type

F5

First reported 4 years ago

2021-02-12 18:15:00

Last updated 4 years ago

2021-02-19 17:14:00

Affected Software

F5 Big-IP Access Policy Manager (APM)

F5 Big-IP Advanced Firewall Manager (AFM)

F5 Big-IP Analytics

F5 Big-IP Application Acceleration Manager (AAM)

F5 Big-IP Application Security Manager (ASM)

F5 Big-IP Domain Name System (DNS)

F5 Big-IP Fraud Protection Service (FPS)

F5 Big-IP Global Traffic Manager (GTM)

F5 Big-IP Link Controller

F5 Networks Big-IP Local Traffic Manager (LTM)

F5 Big-IP Policy Enforcement Manager (PEM)

References

https://support.f5.com/csp/article/K09121542

https://support.f5.com/csp/article/K09121542

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.