CVE-2021-23047

Name of the Vulnerable Software and Affected Versions BIG-IP APM versions 11.6.x BIG-IP APM versions 12.1.x BIG-IP APM versions 13.1.x BIG-IP APM versions 14.1.x through 14.1.4.2 BIG-IP APM versions 15.1.x through 15.1.3.0 BIG-IP APM versions 16.x through 16.0.x

Description The issue is related to the BIG-IP APM's Online Certificate Status Protocol (OCSP) verification of a certificate that contains Authority Information Access (AIA). Undisclosed requests may cause an increase in memory use. This could potentially allow a remote attacker to cause a denial of service. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For BIG-IP APM versions 11.6.x, consider upgrading to a version that is still supported and has the issue resolved. For BIG-IP APM versions 12.1.x, consider upgrading to a version that is still supported and has the issue resolved. For BIG-IP APM versions 13.1.x, consider upgrading to a version that is still supported and has the issue resolved. For BIG-IP APM versions 14.1.x through 14.1.4.2, update to version 14.1.4.3 or later. For BIG-IP APM versions 15.1.x through 15.1.3.0, update to version 15.1.3.1 or later. For BIG-IP APM versions 16.x through 16.0.x, update to version 16.1.0 or later. As a temporary workaround, consider restricting access to the OCSP verification feature until a patch is available.