Denial of Service Vulnerability in F5 BIG-IP DNS
CVE-2021-23032

7.5HIGH

Key Information:

Vendor: F5
Status: Big-ip Dns
Vendor: CVE Published:; 14 September 2021

Summary

This vulnerability affects the F5 BIG-IP DNS, where non-default Wide IP and pool settings may lead to undisclosed DNS responses that can cause the Traffic Management Microkernel (TMM) to terminate unexpectedly. This scenario can create a denial of service, impacting the availability of DNS services for users. Organizations should ensure they are running the latest supported versions to mitigate this issue. Note that software versions that have reached End of Technical Support (EoTS) are not evaluated for this vulnerability.

Affected Version(s)

BIG-IP DNS 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x

References

https://support.f5.com/csp/article/K45407662

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 14, 2021
Vulnerability Reserved
Jan 6, 2021