PT-2021-2408 · F5 · Big-Ip

Published: 2021-03-10 · Updated: 2021-04-05 · CVE-2021-22992

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
  BIG-IP versions 16.0.x through 16.0.1.1
  BIG-IP versions 15.1.x through 15.1.2.1
  BIG-IP versions 14.1.x through 14.1.4
  BIG-IP versions 13.1.x through 13.1.3.6
  BIG-IP versions 12.1.x through 12.1.5.3
  BIG-IP versions 11.6.x through 11.6.5.3
Description: A malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server that has a Login Page configured in its policy may trigger a buffer overflow, resulting in denial of service. In certain situations it may allow remote code execution (RCE), leading to complete system compromise. The flaw lies in the is hdr criteria matches function of the BIG-IP Advanced Web Application Firewall (AWAF), where the memory buffer overflow occurs. A remote attacker who can deliver a specially crafted HTTP response to the affected virtual server may cause a denial of service or execute arbitrary code.
Recommendations:
  For BIG-IP versions 16.0.x through 16.0.1.1, update to version 16.0.1.1 or later.
  For BIG-IP versions 15.1.x through 15.1.2.1, update to version 15.1.2.1 or later.
  For BIG-IP versions 14.1.x through 14.1.4, update to version 14.1.4 or later.
  For BIG-IP versions 13.1.x through 13.1.3.6, update to version 13.1.3.6 or later.
  For BIG-IP versions 12.1.x through 12.1.5.3, update to version 12.1.5.3 or later.
  For BIG-IP versions 11.6.x through 11.6.5.3, update to version 11.6.5.3 or later.
As a temporary workaround until the update is applied, consider disabling the is hdr criteria matches function. Restrict access to the vulnerable BIG-IP Advanced Web Application Firewall (AWAF) module to reduce exposure, and avoid using the Login Page configuration in the policy of the Advanced WAF/BIG-IP ASM virtual server until the issue is resolved.
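As an added example (not part of the advisory or of any F5 tooling), a small Python check that maps a BIG-IP version string onto the branches listed above and reports whether it is below the "update to ... or later" version given in the recommendations; it assumes that reaching that version on a listed branch counts as remediated, and the host names and versions in the sample inventory are constructed.

```python
# Added example: check BIG-IP version strings against the fixed versions
# listed in PT-2021-2408 / CVE-2021-22992. Not code from the advisory.
# Assumption: a version on a listed branch is remediated once it is at or
# above the "update to ... or later" version from the recommendations.
from typing import Optional, Tuple

# (branch prefix) -> first fixed version, taken from the advisory text
FIXED_VERSIONS = {
    (16, 0): (16, 0, 1, 1),
    (15, 1): (15, 1, 2, 1),
    (14, 1): (14, 1, 4),
    (13, 1): (13, 1, 3, 6),
    (12, 1): (12, 1, 5, 3),
    (11, 6): (11, 6, 5, 3),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '15.1.0.4' into (15, 1, 0, 4); rejects non-numeric components."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a BIG-IP version string: {text!r}")
    return tuple(int(p) for p in parts)


def assess(text: str) -> Tuple[str, Optional[str]]:
    """Return (status, fixed_version); status is 'vulnerable', 'fixed'
    or 'branch_not_listed' (branch absent from the advisory)."""
    version = parse_version(text)
    branch = version[:2]
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return "branch_not_listed", None
    fixed_text = ".".join(str(c) for c in fixed)
    # Tuple comparison handles differing lengths: (16,0,1) < (16,0,1,1)
    if version < fixed:
        return "vulnerable", fixed_text
    return "fixed", fixed_text


if __name__ == "__main__":
    # Constructed sample inventory; not real hosts
    inventory = [("lb-a", "16.0.1"), ("lb-b", "14.1.4"),
                 ("lb-c", "13.1.3.5"), ("lb-d", "17.0.0")]
    for host, ver in inventory:
        status, fixed = assess(ver)
        note = f" (fixed in {fixed})" if fixed else ""
        print(f"{host}: {ver} -> {status}{note}")
```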

Tags: Fix · Buffer Overflow


Weakness Enumeration: Buffer Overflow

Related Identifiers: BDU:2021-01658, CVE-2021-22992

Affected Products: Big-Ip