CVE-2021-23028 : Security Advisory and Response

This article discusses CVE-2021-23028, a vulnerability found in BIG-IP Advanced WAF and BIG-IP ASM versions. It explores the impact, technical details, and mitigation strategies.

Understanding CVE-2021-23028

CVE-2021-23028 is a vulnerability identified in F5's BIG-IP Advanced WAF and BIG-IP ASM products, affecting specific versions.

What is CVE-2021-23028?

The vulnerability arises when JSON content profiles are set for URLs within an F5 Advanced Web Application Firewall (WAF)/BIG-IP ASM security policy, potentially leading to the termination of the BIG-IP ASM bd process.

The Impact of CVE-2021-23028

Undisclosed requests can trigger the vulnerability, causing the termination of the affected process. It may lead to service disruption or denial of service.

Technical Details of CVE-2021-23028

Let's delve into the technical aspects of CVE-2021-23028 to understand the vulnerability comprehensively.

Vulnerability Description

The issue occurs in versions 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, and 13.1.x before 13.1.4 when certain configurations are applied to virtual servers.

Affected Systems and Versions

BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x, 15.1.x, 14.1.x, and 13.1.x are vulnerable to this exploit.

Exploitation Mechanism

Attackers can exploit this vulnerability by sending specific requests, triggering the termination of the affected process.

Mitigation and Prevention

Understand how to address and prevent the CVE-2021-23028 vulnerability effectively.

Immediate Steps to Take

Update the impacted versions to 16.0.1.2, 15.1.3.1, 14.1.4.2, and 13.1.4 or newer to mitigate the risk of exploitation.

Long-Term Security Practices

Regularly monitor and apply security patches to prevent similar vulnerabilities in the future.

Patching and Updates

Stay informed about security updates from F5 and promptly apply patches to maintain a secure environment.