PT-2021-2406 · F5 · BIG-IP

Published

2021-03-10

·

Updated

2025-04-02

·

CVE-2021-22991

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP 12.1.x earlier than 12.1.5.3; F5 BIG-IP 13.1.x earlier than 13.1.3.6; F5 BIG-IP 14.1.x earlier than 14.1.4; F5 BIG-IP 15.1.x earlier than 15.1.2.1; F5 BIG-IP 16.0.x earlier than 16.0.1.1
Description: The issue lies in Traffic Management Microkernel (TMM) URI normalization in BIG-IP. Undisclosed requests sent to a virtual server may be handled incorrectly and trigger a buffer overflow, resulting in a denial of service (DoS) of TMM. In certain situations, it may theoretically allow bypass of URL-based access control or remote code execution (RCE). The CVSS vector above reflects that the affected code path is reachable over the network without authentication or user interaction, so every virtual server exposed to untrusted clients on an affected release should be treated as at risk.
Recommendations: Update to the fixed release for your branch: 12.1.5.3 or later for 12.1.x; 13.1.3.6 or later for 13.1.x; 14.1.4 or later for 14.1.x; 15.1.2.1 or later for 15.1.x; 16.0.1.1 or later for 16.0.x. Branches not listed here are not covered by this advisory and should be checked against the vendor's own guidance.
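As an added example (not part of this advisory and not F5 tooling), the following Python check maps a BIG-IP version string to the fixed releases listed under Recommendations and reports whether the running version is affected, is fixed, or belongs to a branch this advisory does not cover. The `version_from_tmsh` helper, its regular expression, and the sample `tmsh show sys version` output are assumptions constructed for illustration, not captured from a device.

```python
import re
from typing import Optional

# Fixed releases per affected branch, taken from the Recommendations above.
# Any release in a listed branch that is older than its fixed release is affected.
FIXED_VERSIONS = {
    "12.1": "12.1.5.3",
    "13.1": "13.1.3.6",
    "14.1": "14.1.4",
    "15.1": "15.1.2.1",
    "16.0": "16.0.1.1",
}


def parse_version(version: str) -> tuple:
    """Turn '15.1.2' into (15, 1, 2, 0) so point releases compare numerically.

    Pads to four components because BIG-IP releases mix three- and four-part
    numbers (14.1.4 vs 14.1.3.1); a plain string comparison gets these wrong.
    """
    parts = [int(p) for p in version.strip().split(".")]
    if not 2 <= len(parts) <= 4:
        raise ValueError(f"unexpected BIG-IP version format: {version!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def assess(version: str) -> Optional[bool]:
    """Return True if affected, False if at or past the fixed release,
    None if the branch is not listed in this advisory."""
    parsed = parse_version(version)
    branch = f"{parsed[0]}.{parsed[1]}"
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return None
    return parsed < parse_version(fixed)


# Assumption: the 'Version' line of `tmsh show sys version` looks like
# "  Version     15.1.2". The regex anchors on the line start so that the
# "Sys::Version" header does not match.
TMSH_VERSION_RE = re.compile(r"^\s*Version\s+(\d+(?:\.\d+){1,3})\s*$", re.MULTILINE)


def version_from_tmsh(output: str) -> str:
    """Extract the release number from captured tmsh output (hypothetical helper)."""
    m = TMSH_VERSION_RE.search(output)
    if not m:
        raise ValueError("no Version line found in tmsh output")
    return m.group(1)


# Constructed sample of `tmsh show sys version` output (not from a real device).
SAMPLE_TMSH = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     15.1.2
  Build       0.0.9
  Edition     Final
"""


if __name__ == "__main__":
    v = version_from_tmsh(SAMPLE_TMSH)
    print(v, assess(v))  # 15.1.2 True
```

Run it against the output of `tmsh show sys version` captured from each device; a `None` result means the branch (for example 11.6.x or 16.1.x) is outside the ranges this advisory lists, not that the device is safe.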

DoS

RCE

Buffer Overflow

Related Identifiers

BDU:2021-01656
CVE-2021-22991

Affected Products

BIG-IP