CVE-2021-23029
CVE-2021-23029
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.8%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
14 Sep 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected products
n/a · BIG-IP Advanced WAF and BIG-IP ASMWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →