Learn about CVE-2021-23048, a vulnerability in F5 BIG-IP software versions 16.0.x, 15.1.x, and others. Understand the impact, affected systems, and mitigation steps.
This article provides an overview of CVE-2021-23048, a vulnerability found in BIG-IP devices that could lead to service termination under specific conditions.
Understanding CVE-2021-23048
CVE-2021-23048 is a vulnerability affecting various versions of F5 BIG-IP software. It arises when GPRS Tunneling Protocol (GTP) iRules commands or profiles are misconfigured: undisclosed GTP messages sent to a virtual server with such a configuration can cause the Traffic Management Microkernel (TMM) to terminate unexpectedly. Software versions that have reached End of Technical Support (EoTS) are not assessed for this issue.
What is CVE-2021-23048?
CVE-2021-23048 is a vulnerability in BIG-IP software versions 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x. When GTP iRules or profiles are misconfigured, certain GTP messages can lead to TMM termination.
The Impact of CVE-2021-23048
The vulnerability can result in the abrupt termination of the Traffic Management Microkernel (TMM) when undisclosed GTP messages reach a virtual server with misconfigured GTP iRules or profiles.
Technical Details of CVE-2021-23048
This section outlines the specifics of the CVE, including the vulnerability description, affected systems, and exploitation mechanism.
Vulnerability Description
The vulnerability occurs in BIG-IP software versions 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x when GTP iRules or profiles are misconfigured, leading to TMM termination upon receiving specific GTP messages.
Affected Systems and Versions
BIG-IP software versions 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x are impacted by this vulnerability.
Exploitation Mechanism
By sending specific undisclosed GTP messages to a virtual server with misconfigured GTP iRules or profiles, attackers can exploit this vulnerability to force TMM to terminate.
Mitigation and Prevention
To mitigate the risks associated with CVE-2021-23048, immediate steps and long-term security practices should be followed. Ensuring timely patching and updates is crucial for safeguarding affected systems.
Immediate Steps to Take
Immediate actions include reviewing and reconfiguring GTP iRules and profiles so that virtual servers do not receive malicious GTP messages that lead to TMM termination.
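One way to start that review, as an added example that is not from F5 or the original article: a Python script that reads bigip.conf text and lists each virtual server referencing a GTP profile or an iRule that contains GTP:: commands. The sample configuration is constructed, and the stanza layout and the name-matching heuristic are assumptions.

```python
import re

# Constructed sample in bigip.conf stanza layout (not taken from a real device).
SAMPLE_CONF = """\
ltm rule /Common/gtp_inspect {
    when CLIENT_DATA { set msg [GTP::parse [UDP::payload]] }
}
ltm rule /Common/log_only {
    when CLIENT_ACCEPTED { log local0. "conn" }
}
ltm profile gtp /Common/gtp_prof { }
ltm virtual /Common/vs_gtpc {
    destination /Common/192.0.2.10:2123
    profiles {
        /Common/gtp_prof { }
        /Common/udp { }
    }
    rules { /Common/gtp_inspect }
}
ltm virtual /Common/vs_web {
    destination /Common/192.0.2.20:443
    profiles { /Common/tcp { } }
    rules { /Common/log_only }
}
"""

# Assumption: objects of interest start at column 0 as "ltm <kind> <name> {".
HEADER = re.compile(r"^ltm (rule|profile gtp|virtual) (\S+) \{", re.M)

def stanzas(conf):
    """Yield (kind, name, body) for each matched stanza, balancing braces."""
    for m in HEADER.finditer(conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), m.group(2), conf[m.end():i - 1]

def gtp_exposed_virtuals(conf):
    """Map each virtual server to the GTP profiles / GTP:: iRules it references."""
    gtp_objs, virtuals = set(), {}
    for kind, name, body in stanzas(conf):
        if kind == "profile gtp" or (kind == "rule" and "GTP::" in body):
            gtp_objs.add(name)
        elif kind == "virtual":
            # Heuristic: every /partition/name token in the stanza is a reference.
            virtuals[name] = set(re.findall(r"/\S+", body))
    return {v: sorted(r & gtp_objs) for v, r in virtuals.items() if r & gtp_objs}

if __name__ == "__main__":
    print(gtp_exposed_virtuals(SAMPLE_CONF))
```

Each virtual server in the output is a candidate for the GTP iRule and profile review described above. An iRule that mentions GTP:: only in a comment is also reported, which errs toward review.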
Long-Term Security Practices
In the long term, it is essential to regularly update the BIG-IP software to the latest versions and follow F5's security advisories for any patches related to CVE-2021-23048.
Patching and Updates
Applying the latest patches released by F5 for the affected software versions is vital to address the CVE-2021-23048 vulnerability and enhance system security.