Lucene search

F5CVELIST:CVE-2021-22981

HistoryFeb 12, 2021 - 5:50 p.m.

CVE-2021-22981

2021-02-1217:50:21

www.cve.org

cve-2021-22981

big-ip

tls protocol

master secret negotiation

extended master secret

man-in-the-middle

renegotiation

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

28.7%

JSON

On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during renegotiation. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CNA Affected

[
  {
    "product": "BIG-IP",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "All versions of 12.1.x and 11.6.x"
      }
    ]
  }
]

References

support.f5.com/csp/article/K09121542