CVE-2021-23044: Input Validation
First published: Tue Sep 14 2021(Updated: )
On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x, when the Intel QuickAssist Technology (QAT) compression driver is used on affected BIG-IP hardware and BIG-IP Virtual Edition (VE) platforms, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 Access Policy Manager | >=11.6.0<=11.6.5 | |
| F5 Access Policy Manager | >=12.1.0<=12.1.6 | |
| F5 Access Policy Manager | >=13.1.0<13.1.4.1 | |
| F5 Access Policy Manager | >=14.1.0<14.1.4.2 | |
| F5 Access Policy Manager | >=15.1.0<15.1.3.1 | |
| F5 Access Policy Manager | >=16.0.0<16.1.0 | |
| F5 BIG-IP Advanced Firewall Manager | >=11.6.0<=11.6.5 | |
| F5 BIG-IP Advanced Firewall Manager | >=12.1.0<=12.1.6 | |
| F5 BIG-IP Advanced Firewall Manager | >=13.1.0<=13.1.4.1 | |
| F5 BIG-IP Advanced Firewall Manager | >=14.1.0<14.1.4.2 | |
| F5 BIG-IP Advanced Firewall Manager | >=15.1.0<15.1.3.1 | |
| F5 BIG-IP Advanced Firewall Manager | >=16.0.0<16.1.0 | |
| F5 BIG-IP Analytics | >=11.6.0<=11.6.5 | |
| F5 BIG-IP Analytics | >=12.1.0<=12.1.6 | |
| F5 BIG-IP Analytics | >=13.1.0<13.1.4.1 | |
| F5 BIG-IP Analytics | >=14.1.0<14.1.4.2 | |
| F5 BIG-IP Analytics | >=15.1.0<15.1.3.1 | |
| F5 BIG-IP Analytics | >=16.0.0<16.1.0 | |
| F5 BIG-IP Application Acceleration Manager | >=11.6.0<=11.6.5 | |
| F5 BIG-IP Application Acceleration Manager | >=12.1.0<=12.1.6 | |
| F5 BIG-IP Application Acceleration Manager | >=13.1.0<13.1.4.1 | |
| F5 BIG-IP Application Acceleration Manager | >=14.1.0<14.1.4.2 | |
| F5 BIG-IP Application Acceleration Manager | >=15.1.0<15.1.3.1 | |
| F5 BIG-IP Application Acceleration Manager | >=16.0.0<16.1.0 | |
| F5 Application Security Manager | >=11.6.0<=11.6.5 | |
| F5 Application Security Manager | >=12.1.0<=12.1.6 | |
| F5 Application Security Manager | >=13.1.0<13.1.4.1 | |
| F5 Application Security Manager | >=14.1.0<14.1.4.2 | |
| F5 Application Security Manager | >=15.1.0<15.1.3.1 | |
| F5 Application Security Manager | >=16.0.0<16.1.0 | |
| F5 BIG-IP | >=11.6.0<=11.6.5 | |
| F5 BIG-IP | >=12.1.0<=12.1.6 | |
| F5 BIG-IP | >=13.1.0<13.1.4.1 | |
| F5 BIG-IP | >=14.1.0<14.1.4.2 | |
| F5 BIG-IP | >=15.1.0<15.1.3.1 | |
| F5 BIG-IP | >=16.0.0<16.1.0 | |
| F5 BIG-IP Fraud Protection Service | >=11.6.0<=11.6.5 | |
| F5 BIG-IP Fraud Protection Service | >=12.1.0<=12.1.6 | |
| F5 BIG-IP Fraud Protection Service | >=13.1.0<13.1.4.1 | |
| F5 BIG-IP Fraud Protection Service | >=14.1.0<14.1.4.2 | |
| F5 BIG-IP Fraud Protection Service | >=15.1.0<15.1.3.1 | |
| F5 BIG-IP Fraud Protection Service | >=16.0.0<16.1.0 | |
| Riverbed SteelApp Traffic Manager | >=11.6.0<=11.6.5 | |
| Riverbed SteelApp Traffic Manager | >=12.1.0<=12.1.6 | |
| Riverbed SteelApp Traffic Manager | >=13.1.0<13.1.4.1 | |
| Riverbed SteelApp Traffic Manager | >=14.1.0<14.1.4.2 | |
| Riverbed SteelApp Traffic Manager | >=15.1.0<15.1.3.1 | |
| Riverbed SteelApp Traffic Manager | >=16.0.0<16.1.0 | |
| F5 BIG-IP Link Controller | >=11.6.0<=11.6.5 | |
| F5 BIG-IP Link Controller | >=12.1.0<=12.1.6 | |
| F5 BIG-IP Link Controller | >=13.1.0<13.1.4.1 | |
| F5 BIG-IP Link Controller | >=14.1.0<14.1.4.2 | |
| F5 BIG-IP Link Controller | >=15.1.0<15.1.3.1 | |
| F5 BIG-IP Link Controller | >=16.0.0<16.1.0 | |
| Riverbed SteelApp Traffic Manager | >=11.6.0<=11.6.5 | |
| Riverbed SteelApp Traffic Manager | >=12.1.0<=12.1.6 | |
| Riverbed SteelApp Traffic Manager | >=13.1.0<13.1.4.1 | |
| Riverbed SteelApp Traffic Manager | >=14.1.0<14.1.4.2 | |
| Riverbed SteelApp Traffic Manager | >=15.1.0<15.1.3.1 | |
| Riverbed SteelApp Traffic Manager | >=16.0.0<16.1.0 | |
| F5 BIG-IP Policy Enforcement Manager | >=11.6.0<=11.6.5 | |
| F5 BIG-IP Policy Enforcement Manager | >=12.1.0<=12.1.6 | |
| F5 BIG-IP Policy Enforcement Manager | >=13.1.0<13.1.4.1 | |
| F5 BIG-IP Policy Enforcement Manager | >=14.1.0<14.1.4.2 | |
| F5 BIG-IP Policy Enforcement Manager | >=15.1.0<15.1.3.1 | |
| F5 BIG-IP Policy Enforcement Manager | >=16.0.0<16.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-23044?
The severity of CVE-2021-23044 is categorized as high due to potential exploitation risks.
How do I fix CVE-2021-23044?
To fix CVE-2021-23044, upgrade to a patched version of BIG-IP above the affected versions specified in the CVE description.
Which versions of BIG-IP are affected by CVE-2021-23044?
CVE-2021-23044 affects multiple BIG-IP versions including 11.6.x, 12.1.x, 13.1.x, 14.1.x, 15.1.x, and 16.x before specific patch levels.
What impact does CVE-2021-23044 have on BIG-IP users?
CVE-2021-23044 may allow attackers to gain unauthorized access to sensitive information through the exploitation of the Intel QuickAssist Technology.
Is CVE-2021-23044 specific to any particular configuration in BIG-IP?
Yes, CVE-2021-23044 specifically affects configurations using the Intel QuickAssist Technology compression driver on certain BIG-IP hardware platforms.
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/f5
- canonical/f5 access policy manager
- version/f5 access policy manager/11.6.0
- version/f5 access policy manager/11.6.5
- version/f5 access policy manager/12.1.0
- version/f5 access policy manager/12.1.6
- version/f5 access policy manager/13.1.0
- version/f5 access policy manager/14.1.0
- version/f5 access policy manager/15.1.0
- version/f5 access policy manager/16.0.0
- canonical/f5 big-ip advanced firewall manager
- version/f5 big-ip advanced firewall manager/11.6.0
- version/f5 big-ip advanced firewall manager/11.6.5
- version/f5 big-ip advanced firewall manager/12.1.0
- version/f5 big-ip advanced firewall manager/12.1.6
- version/f5 big-ip advanced firewall manager/13.1.0
- version/f5 big-ip advanced firewall manager/13.1.4.1
- version/f5 big-ip advanced firewall manager/14.1.0
- version/f5 big-ip advanced firewall manager/15.1.0
- version/f5 big-ip advanced firewall manager/16.0.0
- canonical/f5 big-ip analytics
- version/f5 big-ip analytics/11.6.0
- version/f5 big-ip analytics/11.6.5
- version/f5 big-ip analytics/12.1.0
- version/f5 big-ip analytics/12.1.6
- version/f5 big-ip analytics/13.1.0
- version/f5 big-ip analytics/14.1.0
- version/f5 big-ip analytics/15.1.0
- version/f5 big-ip analytics/16.0.0
- canonical/f5 big-ip application acceleration manager
- version/f5 big-ip application acceleration manager/11.6.0
- version/f5 big-ip application acceleration manager/11.6.5
- version/f5 big-ip application acceleration manager/12.1.0
- version/f5 big-ip application acceleration manager/12.1.6
- version/f5 big-ip application acceleration manager/13.1.0
- version/f5 big-ip application acceleration manager/14.1.0
- version/f5 big-ip application acceleration manager/15.1.0
- version/f5 big-ip application acceleration manager/16.0.0
- canonical/f5 application security manager
- version/f5 application security manager/11.6.0
- version/f5 application security manager/11.6.5
- version/f5 application security manager/12.1.0
- version/f5 application security manager/12.1.6
- version/f5 application security manager/13.1.0
- version/f5 application security manager/14.1.0
- version/f5 application security manager/15.1.0
- version/f5 application security manager/16.0.0
- canonical/f5 big-ip
- version/f5 big-ip/11.6.0
- version/f5 big-ip/11.6.5
- version/f5 big-ip/12.1.0
- version/f5 big-ip/12.1.6
- version/f5 big-ip/13.1.0
- version/f5 big-ip/14.1.0
- version/f5 big-ip/15.1.0
- version/f5 big-ip/16.0.0
- canonical/f5 big-ip fraud protection service
- version/f5 big-ip fraud protection service/11.6.0
- version/f5 big-ip fraud protection service/11.6.5
- version/f5 big-ip fraud protection service/12.1.0
- version/f5 big-ip fraud protection service/12.1.6
- version/f5 big-ip fraud protection service/13.1.0
- version/f5 big-ip fraud protection service/14.1.0
- version/f5 big-ip fraud protection service/15.1.0
- version/f5 big-ip fraud protection service/16.0.0
- canonical/riverbed steelapp traffic manager
- version/riverbed steelapp traffic manager/11.6.0
- version/riverbed steelapp traffic manager/11.6.5
- version/riverbed steelapp traffic manager/12.1.0
- version/riverbed steelapp traffic manager/12.1.6
- version/riverbed steelapp traffic manager/13.1.0
- version/riverbed steelapp traffic manager/14.1.0
- version/riverbed steelapp traffic manager/15.1.0
- version/riverbed steelapp traffic manager/16.0.0
- canonical/f5 big-ip link controller
- version/f5 big-ip link controller/11.6.0
- version/f5 big-ip link controller/11.6.5
- version/f5 big-ip link controller/12.1.0
- version/f5 big-ip link controller/12.1.6
- version/f5 big-ip link controller/13.1.0
- version/f5 big-ip link controller/14.1.0
- version/f5 big-ip link controller/15.1.0
- version/f5 big-ip link controller/16.0.0
- canonical/f5 big-ip policy enforcement manager
- version/f5 big-ip policy enforcement manager/11.6.0
- version/f5 big-ip policy enforcement manager/11.6.5
- version/f5 big-ip policy enforcement manager/12.1.0
- version/f5 big-ip policy enforcement manager/12.1.6
- version/f5 big-ip policy enforcement manager/13.1.0
- version/f5 big-ip policy enforcement manager/14.1.0
- version/f5 big-ip policy enforcement manager/15.1.0
- version/f5 big-ip policy enforcement manager/16.0.0