F5 Advanced WAF/ASM buffer-overflow vulnerability (CVE-2021-22992)
A malicious HTTP response to an Advanced WAF/ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise.
A sophisticated attacker must have control over the back-end web servers (pool members) or the ability to manipulate the server-side HTTP responses to the virtual server to exploit this vulnerability. With this level of back-end control, the attacker may cause the BIG-IP Advanced WAF/ASM system to experience a denial-of-service (DoS). In the worst case, the attacker may execute arbitrary code on the BIG-IP Advanced WAF/ASM system. This vulnerability can only be exploited through the data plane and cannot be exploited through the control plane. Exploitation can lead to complete system compromise.
To determine if your product and version have been evaluated for this vulnerability please check here – https://support.f5.com/csp/article/K52510511
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.