CVE-2021-22976 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-22976 PUBLISHED CVSS 7.5 HIGH

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

EPSS 0.65% · 70.6th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.65%

70.6th percentile

Affected Products

Vendor	Product	Versions
n/a	BIG-IP Advanced WAF & BIG-IP ASM	16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions
f5	big-ip_application_security_manager	16.0.0, 12.1.0, 13.1.0
f5	big-ip_advanced_web_application_firewall	12.1.0, 13.1.0, 14.1.0

Timeline

Feb 12, 2021 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score

References

https://support.f5.com/csp/article/K88230177 url
https://nvd.nist.gov/vuln/detail/CVE-2021-22976 advisory
https://support.f5.com/csp/article/K04518313 advisory
https://support.f5.com/csp/article/K13323323 advisory
https://support.f5.com/csp/article/K25595031 advisory
https://support.f5.com/csp/article/K42142782 advisory

Open in Interactive Console →