CVE-2021-23029

Name of the Vulnerable Software and Affected Versions F5 Advanced Web Application Firewall (WAF) versions 16.0.x through 16.0.1.2

Description Insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through the F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility.

Recommendations For versions 16.0.x through 16.0.1.2, update to version 16.0.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the BIG-IP ASM Configuration utility to minimize the risk of exploitation.