CVE-2021-23051 - OpenCVE

On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due to an incomplete fix for CVE-2020-5862. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
F5	Big-ip Advanced Web Application Firewall Big-ip Analytics Big-ip Access Policy Manager Big-ip Link Controller Big-ip Application Acceleration Manager Big-ip Fraud Protection Service Big-ip Domain Name System Big-ip Global Traffic Manager Big-ip Advanced Firewall Manager Big-ip Local Traffic Manager Big-ip Application Security Manager

Configuration 1 [-]

OR	cpe:2.3:a:f5:big-ip_access_policy_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_firewall_manager::::::::
	cpe:2.3:a:f5:big-ip_advanced_web_application_firewall::::::::
	cpe:2.3:a:f5:big-ip_analytics::::::::
	cpe:2.3:a:f5:big-ip_application_acceleration_manager::::::::
	cpe:2.3:a:f5:big-ip_application_security_manager::::::::
	cpe:2.3:a:f5:big-ip_domain_name_system::::::::
	cpe:2.3:a:f5:big-ip_fraud_protection_service::::::::
	cpe:2.3:a:f5:big-ip_global_traffic_manager::::::::
	cpe:2.3:a:f5:big-ip_link_controller::::::::
	cpe:2.3:a:f5:big-ip_local_traffic_manager::::::::

References

Link	Resource
https://support.f5.com/csp/article/K01153535	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: f5

Published: 2021-09-14T12:13:16

Updated: 2021-09-14T12:13:16

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-23051

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-14T13:15:11.193

Modified: 2021-09-27T17:21:53.363

Link: CVE-2021-23051

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "BIG-IP", "vendor": "n/a", "versions": [{"status": "affected", "version": "15.1.0.4-15.1.3"}]}], "descriptions": [{"lang": "en", "value": "On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due to an incomplete fix for CVE-2020-5862. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-14T12:13:16", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.f5.com/csp/article/K01153535"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "ID": "CVE-2021-23051", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIG-IP", "version": {"version_data": [{"version_value": "15.1.0.4-15.1.3"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due to an incomplete fix for CVE-2020-5862. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K01153535", "refsource": "MISC", "url": "https://support.f5.com/csp/article/K01153535"}]}}}}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2021-23051", "datePublished": "2021-09-14T12:13:16", "dateReserved": "2021-01-06T00:00:00", "dateUpdated": "2021-09-14T12:13:16", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F0ECDE7-241C-4758-A13B-6E5EF55CBD71", "versionEndExcluding": "15.1.3.1", "versionStartIncluding": "15.1.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC661C49-1879-4B08-BAD8-53E90F06307A", "versionEndExcluding": "15.1.3.1", "versionStartIncluding": "15.1.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA69A5BA-ADE7-4FE2-9F09-DA82D435ED2E", "versionEndExcluding": "15.1.3.1", "versionStartIncluding": "15.1.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "B6E4774B-47F1-43E1-8904-1F38A11A5059", "versionEndExcluding": "15.1.3.1", "versionStartIncluding": "15.1.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E40EE5E1-39A3-48CB-AC4B-4CE0DEE1A7B5", "versionEndExcluding": "15.1.3.1", "versionStartIncluding": "15.1.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F504154-98BB-40ED-9A84-9E71DD61371E", "versionEndExcluding": "15.1.3.1", "versionStartIncluding": "15.1.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A338F0A-105E-4857-BA6C-9BAD4304C852", "versionEndExcluding": "15.1.3.1", "versionStartIncluding": "15.1.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "1466B615-0A6F-445F-B6A3-C02A8F57023B", "versionEndExcluding": "15.1.3.1", "versionStartIncluding": "15.1.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1C9BA7D-D4A1-4960-9048-7DA861D0632C", "versionEndExcluding": "15.1.3.1", "versionStartIncluding": "15.1.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D45A549-CBC6-4A76-B3F8-35E6150774DC", "versionEndExcluding": "15.1.3.1", "versionStartIncluding": "15.1.0.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "59E41916-5F06-420C-898D-EAC98EB743D1", "versionEndExcluding": "15.1.3.1", "versionStartIncluding": "15.1.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "On BIG-IP versions 15.1.0.4 through 15.1.3, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP on Amazon Web Services (AWS) systems, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This is due to an incomplete fix for CVE-2020-5862. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."}, {"lang": "es", "value": "En BIG-IP versiones 15.1.0.4 hasta 15.1.3 , cuando es usado el controlador Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) con BIG-IP en sistemas de Amazon Web Services (AWS), las peticiones no divulgadas pueden causar la finalizaci\u00f3n del Traffic Management Microkernel (TMM). Esto es debido a una correcci\u00f3n incompleta de CVE-2020-5862. Nota: Las versiones de software que han alcanzado End of Technical Support (EoTS) no son evaluadas"}], "id": "CVE-2021-23051", "lastModified": "2021-09-27T17:21:53.363", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-14T13:15:11.193", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K01153535"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "f5sirt@f5.com", "type": "Secondary"}]}