CVE-2021-22998

MEDIUM

BIG-IP <16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, 11.6.5.3 - DoS

Title source: llm
STIX 2.1

Description

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, SYN flood protection thresholds are not enforced in secure network address translation (SNAT) listeners. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K31934524

Scores

CVSS v3 5.3
EPSS 0.0063
EPSS Percentile 70.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

Status published
Products (14)
f5/big-ip_access_policy_manager 11.6.1 - 11.6.5.3
f5/big-ip_advanced_firewall_manager 11.6.1 - 11.6.5.3
f5/big-ip_advanced_web_application_firewall 11.6.1 - 11.6.5.3
f5/big-ip_analytics 11.6.1 - 11.6.5.3
f5/big-ip_application_acceleration_manager 11.6.1 - 11.6.5.3
f5/big-ip_application_security_manager 11.6.1 - 11.6.5.3
f5/big-ip_ddos_hybrid_defender 11.6.1 - 11.6.5.3
f5/big-ip_domain_name_system 11.6.1 - 11.6.5.3
f5/big-ip_fraud_protection_service 11.6.1 - 11.6.5.3
f5/big-ip_global_traffic_manager 11.6.1 - 11.6.5.3
... and 4 more
Published Mar 31, 2021
Tracked Since Feb 18, 2026