Rapid7 Vulnerability & Exploit Database

F5 Networks: K51213246 (CVE-2021-23008): BIG-IP APM AD authentication vulnerability CVE-2021-23008

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/28/2021
Created: 04/30/2021
Added: 04/29/2021
Modified: 04/29/2021

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From K51213246:

A remote attacker can hijack a KDC connection using a spoofed AS-REP response. For an APM access policy configured with AD authentication and SSO (single sign-on) agent, if a spoofed credential related to this vulnerability is used, depending on how the back-end system validates the authentication token it receives, access will most likely fail. An APM access policy can also be configured for BIG-IP system authentication. A spoofed credential related to this vulnerability for an administrative user through the APM access policy results in local administrative access.

Solution(s)

  • f5-big-ip-upgrade-latest
