Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2021-23002 |
CWE-ID | CWE-200 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software | BIG-IP APM (Hardware solutions / Security hardware appliances), APM Clients (Hardware solutions / Security hardware appliances) |
Vendor | F5 Networks |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU51601
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-23002
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists because the session ID is visible in the arguments of the f5vpn.exe command when the VPN is launched from the browser on a Windows system. A remote administrator on the local network can view the session ID.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
BIG-IP APM: 11.6.1 HF1 - 16.0.1
APM Clients: 7.1.5 - 7.2.1
Reference: https://support.f5.com/csp/article/K71891773
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.