Kerberos Authentication Bypass in BIG-IP APM Active Directory by F5 Networks
CVE-2021-23008

9.8CRITICAL

Key Information:

Vendor: F5
Status: Big-ip Apm
Vendor: CVE Published:; 10 May 2021

Summary

A vulnerability exists in F5 Networks' BIG-IP APM where Active Directory authentication can be compromised due to a spoofed AS-REP response. This issue affects versions 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, along with all versions of 16.0.x and 11.6.x. An attacker could exploit this flaw by using a hijacked Key Distribution Center (KDC) connection or a compromised Active Directory server, potentially bypassing authentication mechanisms designed to protect sensitive data and access control.

Affected Version(s)

BIG-IP APM 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and all versions of 16.0.x and 11.6.x.

References

https://support.f5.com/csp/article/K51213246

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2021
Vulnerability Reserved
Jan 6, 2021