vulnerability
F5 Networks: CVE-2021-23002: K71891773: BIG-IP APM VPN vulnerability CVE-2021-23002
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
3 | (AV:A/AC:L/Au:S/C:P/I:N/A:N) | Mar 10, 2021 | Mar 18, 2021 | Aug 23, 2024 |
Severity
3
CVSS
(AV:A/AC:L/Au:S/C:P/I:N/A:N)
Published
Mar 10, 2021
Added
Mar 18, 2021
Modified
Aug 23, 2024
Description
When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of the f5vpn.exe command when VPN is launched from the browser on a Windows system. Addressing this issue requires both the client and server fixes. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Solution
f5-big-ip-upgrade-latest

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.