CVE-2021-22981

On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during renegotiation. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Published: Feb 12, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-22981
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.8
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
f5 / big-ip_local_traffic_manager	12.1.0	12.1.5.x
f5 / big-ip_advanced_firewall_manager	12.1.0	12.1.5.x
f5 / big-ip_application_acceleration_manager	12.1.0	12.1.5.x
f5 / big-ip_analytics	12.1.0	12.1.5.x
f5 / big-ip_access_policy_manager	12.1.0	12.1.5.x
f5 / big-ip_application_security_manager	12.1.0	12.1.5.x
f5 / big-ip_fraud_protection_service	12.1.0	12.1.5.x
f5 / big-ip_global_traffic_manager	12.1.0	12.1.5.x
f5 / big-ip_link_controller	12.1.0	12.1.5.x
f5 / big-ip_policy_enforcement_manager	12.1.0	12.1.5.x
f5 / big-ip_domain_name_system	12.1.0	12.1.5.x
f5 / big-ip_access_policy_manager	11.6.1	11.6.5.x
f5 / big-ip_advanced_firewall_manager	11.6.1	11.6.5.x
f5 / big-ip_analytics	11.6.1	11.6.5.x
f5 / big-ip_application_acceleration_manager	11.6.1	11.6.5.x
f5 / big-ip_application_security_manager	11.6.1	11.6.5.x
f5 / big-ip_domain_name_system	11.6.1	11.6.5.x
f5 / big-ip_fraud_protection_service	11.6.1	11.6.5.x
f5 / big-ip_global_traffic_manager	11.6.1	11.6.5.x
f5 / big-ip_link_controller	11.6.1	11.6.5.x
f5 / big-ip_local_traffic_manager	11.6.1	11.6.5.x
f5 / big-ip_policy_enforcement_manager	11.6.1	11.6.5.x
f5 / big-ip_ddos_hybrid_defender	11.6.1	11.6.5.x
f5 / big-ip_ddos_hybrid_defender	12.1.0	12.1.5.x
f5 / big-ip_advanced_web_application_firewall	11.6.1	11.6.5.x
f5 / big-ip_advanced_web_application_firewall	12.1.0	12.1.5.x
f5 / big-ip_ssl_orchestrator	11.6.1	11.6.5.x
f5 / big-ip_ssl_orchestrator	12.1.0	12.1.5.x

https://support.f5.com/csp/article/K09121542

Vulnerability Database

289,599

CVE-2021-22981