Severity

High

Analysis Summary

CVE-2021-23001

F5 BIG-IP (Advanced WAF, ASM) could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control by the upload function. By sending a specially-crafted request, an attacker could exploit this vulnerability to upload malicious files to use in future attacks or fill up the system’s disk space.

Impact

Bypass Security

Affected Vendors

F5

Affected Products

F5 BIG-IP (ASM) 14.1.0

Remediation

Refer to F5 Security Advisory for the list of affected products patch, upgrade and suggested workaround information.

F5 Security Advisory K06440657