Main Vulnerability Database SB2021021106

SB2021021106 - MitM-attack in BIG-IP SSL/TLS implementation

Published: February 11, 2021

Security Bulletin ID SB2021021106

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cryptographic issues (CVE-ID: CVE-2021-22981)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during renegotiation.

Remediation

Install update from vendor's website.

References

https://support.f5.com/csp/article/K09121542

Vulnerable Software

BIG-IP: 11.6.1 - 12.1.5.2
BIG-IP LTM: 11.6.1 - 12.1.5.2
BIG-IP AAM: 11.6.1 - 12.1.5.2
BIG-IP Advanced WAF: 11.6.1 - 12.1.5.2
BIG-IP AFM: 11.6.1 - 12.1.5.2
BIG-IP Analytics: 11.6.1 - 12.1.5.2
BIG-IP APM: 11.6.1 - 12.1.5.2
BIG-IP ASM: 11.6.1 - 12.1.5.2
BIG-IP DDHD: 11.6.1 - 12.1.5.2
BIG-IP DNS: 11.6.1 - 12.1.5.2
BIG-IP FPS: 11.6.1 - 12.1.5.2
BIG-IP GTM: 11.6.1 - 12.1.5.2
BIG-IP Link Controller: 11.6.1 - 12.1.5.2
BIG-IP PEM: 11.6.1 - 12.1.5.2
BIG-IP SSLO: 11.6.1 - 12.1.5.2

SB2021021106 - MitM-attack in BIG-IP SSL/TLS implementation

Breakdown by Severity

Description

Remediation

References

Please verify you're human