What is CVE-2021-22992?

CVE-2021-22992 is a vulnerability in Big-ip Advanced Waf And Asm. Published 2021-03-31.

Is CVE-2021-22992 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Big-ip Advanced Waf And Asm

CVE-2021-22992

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server wit…

EPSS: 0.727 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a Big-ip Advanced Waf And Asm — versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, 11.6.x before 11.6.5.3

Public proof-of-concept exploits

ARPSyndicate/cvemon
DNTYO/F5_
r0eXpeR/supplier

References

support.f5.com/csp/article/K52510511 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-22992?: CVE-2021-22992 is a vulnerability in Big-ip Advanced Waf And Asm. Published 2021-03-31.
Is CVE-2021-22992 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.