Denial of Service Vulnerability in BIG-IP APM by F5 Networks
CVE-2021-22985

7.5HIGH

Key Information:

Vendor: F5
Status: Big-ip Apm
Vendor: CVE Published:; 12 February 2021

What is CVE-2021-22985?

The BIG-IP APM by F5 Networks is susceptible to a Denial of Service (DoS) condition. In versions prior to 16.0.1.1 of BIG-IP APM, under specific circumstances while managing VPN traffic, the Traffic Management Microkernel (TMM) may experience excessive memory consumption. This issue allows an authenticated malicious VPN user to exploit the vulnerability, potentially leading to a DoS attack on the Application Policy Manager (APM). It's important to note that software versions that have reached End of Software Development (EoSD) are not subject to this evaluation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

BIG-IP APM 16.0.x before 16.0.1.1

References

https://support.f5.com/csp/article/K88162221

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2021
Vulnerability Reserved
Jan 6, 2021

JSON

F5

What is CVE-2021-22985?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.