Transport Layer Security Flaw in BIG-IQ by F5 Networks
CVE-2021-23005

9.1CRITICAL

Key Information:

Vendor: F5
Status: Big-iq
Vendor: CVE Published:; 31 March 2021

What is CVE-2021-23005?

The identified vulnerability affects F5 Networks' BIG-IQ versions 7.x and 6.x, where the system using Quorum devices for high availability (HA) fails to employ Transport Layer Security (TLS) during communication with the Corosync protocol. This oversight in encrypting data can expose sensitive information to potential interception and compromise the integrity of failover operations. Users are advised to upgrade to version 8.0.0 or apply mitigations to safeguard their deployments.

Affected Version(s)

BIG-IQ All 7.x and 6.x versions

References

https://support.f5.com/csp/article/K01243064

x_refsource_MISC

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2021
Vulnerability Reserved
Jan 6, 2021