CVE-2021-23044

HIGH

F5 Big-ip Access Policy Manager < 11.6.5 - Improper Input Validation

Title source: rule
STIX 2.1

Description

On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when the Intel QuickAssist Technology (QAT) compression driver is used on affected BIG-IP hardware and BIG-IP Virtual Edition (VE) platforms, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K35408374

Scores

CVSS v3 7.5
EPSS 0.0089
EPSS Percentile 75.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (11)
f5/big-ip_access_policy_manager 11.6.0 - 11.6.5
f5/big-ip_advanced_firewall_manager 11.6.0 - 11.6.5
f5/big-ip_analytics 11.6.0 - 11.6.5
f5/big-ip_application_acceleration_manager 11.6.0 - 11.6.5
f5/big-ip_application_security_manager 11.6.0 - 11.6.5
f5/big-ip_domain_name_system 11.6.0 - 11.6.5
f5/big-ip_fraud_protection_service 11.6.0 - 11.6.5
f5/big-ip_global_traffic_manager 11.6.0 - 11.6.5
f5/big-ip_link_controller 11.6.0 - 11.6.5
f5/big-ip_local_traffic_manager 11.6.0 - 11.6.5
... and 1 more
Published Sep 14, 2021
Tracked Since Feb 18, 2026