Brute Force Protection Flaw in BIG-IP Advanced WAF and ASM by F5 Networks
CVE-2021-23053

5.3 MEDIUM

Key Information:

Vendor: F5
CVE Published: 14 September 2021

Summary

A flaw exists in the brute force protection feature of F5 Networks' BIG-IP Advanced WAF and BIG-IP ASM. When the feature is enabled on a virtual server and that virtual server is under a brute force attack, the MySQL database may run out of disk space. The cause is the lack of a row limit on certain undisclosed tables in the MySQL database, and the result can be service disruption. Affected versions are 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.3.1, and 13.1.x prior to 13.1.3.6. Software versions that have reached End of Technical Support (EoTS) are not evaluated for this vulnerability.

Affected Version(s)

BIG-IP Advanced WAF and BIG-IP ASM 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
