CVE-2021-23004

HIGH

BIG-IP <16.0.1.1, 15.1.x <15.1.2, 14.1.x <14.1.3.1, 13.1.x <13.1.3....

Title source: llm
STIX 2.1

Description

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, Multipath TCP (MPTCP) forwarding flows may be created on standard virtual servers without MPTCP enabled in the applied TCP profile. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K31025212

Scores

CVSS v3 7.5
EPSS 0.0065
EPSS Percentile 71.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (14)
f5/big-ip_access_policy_manager 11.6.1 - 11.6.5.3
f5/big-ip_advanced_firewall_manager 11.6.1 - 11.6.5.3
f5/big-ip_advanced_web_application_firewall 11.6.1 - 11.6.5.3
f5/big-ip_analytics 11.6.1 - 11.6.5.3
f5/big-ip_application_acceleration_manager 11.6.1 - 11.6.5.3
f5/big-ip_application_security_manager 11.6.1 - 11.6.5.3
f5/big-ip_ddos_hybrid_defender 11.6.1 - 11.6.5.3
f5/big-ip_domain_name_system 11.6.1 - 11.6.5.3
f5/big-ip_fraud_protection_service 11.6.1 - 11.6.5.3
f5/big-ip_global_traffic_manager 11.6.1 - 11.6.5.3
... and 4 more
Published Mar 31, 2021
Tracked Since Feb 18, 2026