CVE-2021-23013
HIGHBIG-IP <16.0.1.1, 15.1.x <15.1.3, 14.1.x <14.1.4, 13.1.x <13.1.3.6,...
Title source: llmDescription
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, the Traffic Management Microkernel (TMM) may stop responding when processing Stream Control Transmission Protocol (SCTP) traffic under certain conditions. This vulnerability affects TMM by way of a virtual server configured with an SCTP profile. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References (2)
Core 2
Core References
Not Applicable, Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K04234247
Vendor Advisory
https://support.f5.com/csp/article/K05300051
Scores
CVSS v3
7.5
EPSS
0.0080
EPSS Percentile
74.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (14)
f5/big-ip_access_policy_manager
12.1.0 - 12.1.5.3
f5/big-ip_advanced_firewall_manager
12.1.0 - 12.1.5.3
f5/big-ip_advanced_web_application_firewall
12.1.0 - 12.1.5.3
f5/big-ip_analytics
12.1.0 - 12.1.5.3
f5/big-ip_application_acceleration_manager
12.1.0 - 12.1.5.3
f5/big-ip_application_security_manager
12.1.0 - 12.1.5.3
f5/big-ip_ddos_hybrid_defender
12.1.0 - 12.1.5.3
f5/big-ip_domain_name_system
12.1.0 - 12.1.5.3
f5/big-ip_fraud_protection_service
12.1.0 - 12.1.5.3
f5/big-ip_global_traffic_manager
12.1.0 - 12.1.5.3
... and 4 more
Published
May 10, 2021
Tracked Since
Feb 18, 2026