K36942191 : Advanced WAF and BIG-IP ASM MySQL database vulnerability CVE-2021-23053

2021-08-2400:00:00

my.f5.com

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.5%

JSON

Security Advisory Description

When the brute force protection feature of ASM/Adv WAF is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. (CVE-2021-23053)

Impact

When attackers exploit this vulnerability, the MySQL database consumes more storage space than expected. As a result, the related configuration and reporting services in the Configuration utility, the TMOS Shell (tmsh), and iControl REST may fail to function as expected. Though the attack originates in the data plane, the attack impacts only the control plane.

CPENameOperatorVersion
f5 ssl orchestratoreq14.1.0
f5 ssl orchestratoreq14.1.2
f5 ssl orchestratoreq14.1.4
f5 ssl orchestratoreq15.1.0
f5 ssl orchestratoreq15.1.1
f5 ssl orchestratoreq16.0.0
f5 ssl orchestratoreq16.0.1
f5 ssl orchestratoreq16.1.0
big-ip afmeq11.6.1
big-ip afmeq11.6.2

Name	Operator	Version
f5 ssl orchestrator	eq	14.1.0
f5 ssl orchestrator	eq	14.1.2
f5 ssl orchestrator	eq	14.1.4
f5 ssl orchestrator	eq	15.1.0
f5 ssl orchestrator	eq	15.1.1
f5 ssl orchestrator	eq	16.0.0
f5 ssl orchestrator	eq	16.0.1
f5 ssl orchestrator	eq	16.1.0
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2

Rows per page:

1-10 of 2951