VDB
CVE-2021-22991
PUBLISHED · KEV
CVSS 2.0 6.8 MEDIUM
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL based access control or remote code execution (RCE). Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
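The affected ranges in the description above, turned into a version check. This is an added example written for this entry, not code from the VDB page or from F5: the branch/fixed-release table is copied from the description, the `tmsh show sys version` layout the helper parses is an assumption, and the sample output is constructed. Versions on branches the description does not list (11.x, which is EoSD, or 16.1 and later) are returned as "not evaluated" rather than "not affected", matching the EoSD note in the description.

```python
"""Version check for CVE-2021-22991 (added example; not F5 tooling).

FIXED_IN maps an affected branch to the first fixed release, taken verbatim
from the CVE description: 16.0.x < 16.0.1.1, 15.1.x < 15.1.2.1,
14.1.x < 14.1.4, 13.1.x < 13.1.3.6, 12.1.x < 12.1.5.3.
"""
from typing import Optional, Tuple

FIXED_IN = {
    (16, 0): (16, 0, 1, 1),
    (15, 1): (15, 1, 2, 1),
    (14, 1): (14, 1, 4),
    (13, 1): (13, 1, 3, 6),
    (12, 1): (12, 1, 5, 3),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """'15.1.0.4' -> (15, 1, 0, 4). Rejects anything that is not dotted integers."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric BIG-IP version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> Optional[bool]:
    """True  -> on a listed branch and below that branch's fixed release
    False -> on a listed branch and at/after the fixed release
    None  -> branch not covered by the advisory text (EoSD or newer): not evaluated,
             which must not be read as "safe"."""
    v = parse_version(version)
    fixed = FIXED_IN.get(v[:2])
    if fixed is None:
        return None
    # Tuple comparison is lexicographic, so (16, 0, 1) < (16, 0, 1, 1) is True
    # (16.0.1 predates 16.0.1.1) and (14, 1, 4, 1) < (14, 1, 4) is False.
    return v < fixed


def version_from_tmsh(output: str) -> str:
    """Pull the 'Version' field out of `tmsh show sys version` text.

    Assumed layout: indented 'Key   Value' lines under 'Main Package'."""
    for line in output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key == "Version" and value.strip():
            return value.strip()
    raise ValueError("no Version line found in tmsh output")


# Constructed sample, shaped like `tmsh show sys version` (assumed format).
SAMPLE_TMSH = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     15.1.0.4
  Build       0.0.6
  Edition     Point Release 4
"""


def describe(version: str) -> str:
    """Human-readable verdict for one version string."""
    verdict = is_affected(version)
    if verdict is None:
        return f"{version}: branch not evaluated by the advisory (EoSD or newer than 16.0.x)"
    return f"{version}: {'AFFECTED' if verdict else 'not affected (fixed release or later)'}"


if __name__ == "__main__":
    print(describe(version_from_tmsh(SAMPLE_TMSH)))
    for v in ("16.0.1", "16.0.1.1", "14.1.4", "13.1.3.5", "12.1.5.3", "11.6.5", "16.1.0"):
        print(describe(v))
```

Run it on the `Version` line of your own `tmsh show sys version` output; anything reported as not evaluated needs a look at the F5 advisories in the references rather than an assumption of safety.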
Risk Scores
CVSS 2.0
6.8
EPSS Score
73.09%
98.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| f5 | big-ip_ddos_hybrid_defender | 12.1.0, 15.1.0, 16.0.0 |
| f5 | big-ip_advanced_web_application_firewall | 12.1.0, 14.1.0, 15.1.0 |
| f5 | big-ip_fraud_protection_service | 12.1.0, 13.1.0, 16.0.0 |
| f5 | big-ip_access_policy_manager | 12.1.0, 13.1.0, 14.1.0 |
| f5 | big-ip_global_traffic_manager | 12.1.0, 13.1.0, 15.1.0 |
| f5 | big-ip_local_traffic_manager | 12.1.0, 15.1.0, 16.0.0 |
| f5 | big-ip_application_security_manager | 12.1.0, 13.1.0, 16.0.0 |
| f5 | big-ip_application_acceleration_manager | 12.1.0, 15.1.0, 16.0.0 |
| f5 | big-ip_link_controller | 12.1.0, 13.1.0, 15.1.0 |
| f5 | big-ip_analytics | 12.1.0, 13.1.0, 16.0.0 |
| f5 | big-ip_advanced_firewall_manager | 12.1.0, 13.1.0, 14.1.0 |
| f5 | big-ip_domain_name_system | 12.1.0, 13.1.0, 14.1.0 |
| f5 | big-ip_policy_enforcement_manager | 13.1.0, 14.1.0, 16.0.0 |
| n/a | BIG-IP | * |
| f5 | ssl_orchestrator | 12.1.0, 13.1.0, 15.1.0 |
The Versions column gives only the first release of each listed branch, not the full affected range. Within each branch every release before the fixed version named in the description (16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3) is affected; branches not listed there were not evaluated.
Exploit Intelligence
- CIRCL seen: CVE-2021-22991 (circl-sighting)
- CIRCL exploited: CVE-2021-22991 (circl-sighting)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22991 (circl)
- https://support.f5.com/csp/article/K56715231 (circl)
- ET EXPLOIT Possible F5 BIG-IP Infoleak and Out-of-Bounds Write Inbound (CVE-2021-22991) (emergingthreats)
…and 79 more exploits
Timeline
- Mar 11, 2021 CVE Published
- Mar 11, 2021 PoC Published
- Mar 12, 2021 PoC Published
- Mar 12, 2021 PoC Published
- Mar 18, 2021 PoC Published
- Apr 14, 2021 EPSS Score
- Sep 23, 2021 PoC Published
- Jan 6, 2022 EPSS Score
- Jan 18, 2022 CISA KEV Added
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://support.f5.com/csp/article/K03009991 advisory
- https://support.f5.com/csp/article/K68251873 advisory
- https://support.f5.com/csp/article/K67830124 advisory
- https://support.f5.com/csp/article/K66851119 advisory
- https://support.f5.com/csp/article/K56715231 advisory
- https://support.f5.com/csp/article/K51674118 advisory
- https://support.f5.com/csp/article/K18132488 advisory
- https://support.f5.com/csp/article/K45056101 advisory
- https://support.f5.com/csp/article/K52510511 advisory
- https://support.f5.com/csp/article/K70031188 advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22991 url
- https://nvd.nist.gov/vuln/detail/CVE-2021-22991 advisory