Denial of Service Vulnerability in BIG-IP APM by F5 Networks
CVE-2021-22985
7.5 HIGH
What is CVE-2021-22985?
BIG-IP APM by F5 Networks is susceptible to a Denial of Service (DoS) condition. In versions prior to 16.0.1.1 of BIG-IP APM, under specific circumstances while managing VPN traffic, the Traffic Management Microkernel (TMM) may consume excessive memory. An authenticated malicious VPN user can exploit this behavior, potentially leading to a DoS attack on the Application Policy Manager (APM). Software versions that have reached End of Software Development (EoSD) are not subject to this evaluation.
Affected Version(s)
BIG-IP APM 16.0.x before 16.0.1.1