Back to search
CVE-2021-22981
Published: Feb 12, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
On all versions of BIG-IP 12.1.x and 11.6.x, the original TLS protocol includes a weakness in the master secret negotiation that is mitigated by the Extended Master Secret (EMS) extension defined in RFC 7627. TLS connections that do not use EMS are vulnerable to man-in-the-middle attacks during renegotiation. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
| Vendor | Product | Versions |
|---|---|---|
n/a | BIG-IP | affected All versions of 12.1.x and 11.6.x |
References
https://support.f5.com/csp/article/K09121542
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now