CVE-2021-23039 - AskarLabs CVE Database

CVE-2021-23039

Vendor N/A

Product BIG-IP

Weakness CWE-20 · Input validation

Published September 14, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.2.8, and all versions of 13.1.x and 12.1.x, when IPSec is configured on a BIG-IP system, undisclosed requests from an authorized remote (IPSec) peer, which already has a negotiated Security Association, can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Key dates

02Disclosure timeline

September 14, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-23039 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

04Related CVE

CVE-2023-29371 Windows GDI Elevation of Privilege Vulnerability CVE-2024-56133 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. CVE-2026-41727 In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior CVE-2019-1747 Cisco IOS and IOS XE Software Short Message Service Denial of Service Vulnerability CVE-2023-5043 Ingress nginx annotation injection causes arbitrary command execution