What is CVE-2021-23042?

A high-severity vulnerability in F5 BIG-IP versions allows for significant resource utilization increases due to specific HTTP profile configurations. Immediate remediation is essential for affected systems.

What is the severity of CVE-2021-23042?

CVE-2021-23042 has a severity rating of HIGH with a CVSS base score of 7.5.

CVE-2021-23042 | High Vulnerability in F5 BIG-IP

CVE-2021-23042 is a high-severity vulnerability affecting multiple versions of F5's BIG-IP product, specifically those prior to 16.0.1.2, 15.1.3, 14.1.4, 13.1.4, and 12.1.6. This vulnerability allows for significant resource utilization increases when an HTTP profile is configured on a virtual server. The potential for resource exhaustion could lead to service disruptions, making this a critical issue for organizations relying on these systems.

The CVSS score for this vulnerability is 7.5, indicating high severity. The attack vector is network-based, requiring no authentication or user interaction, which enhances the risk to organizations. With a potential availability impact categorized as high, organizations should prioritize patching immediately.

Currently, there are no confirmed public exploits or known active exploitation of this vulnerability. However, the lack of public exploit confirmation does not diminish the urgency for remediation, as the attack vector is readily accessible.

Organizations using affected versions of F5 BIG-IP should take immediate action to apply the necessary patches or updates to mitigate the risk associated with this vulnerability.

Vulnerability Details

The official description of CVE-2021-23042 states that it affects F5 BIG-IP versions 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4, 13.1.x before 13.1.4, and 12.1.x before 12.1.6. When an HTTP profile is configured on a virtual server, undisclosed requests can cause a significant increase in system resource utilization. Note that software versions which have reached End of Technical Support (EoTS) are not evaluated.

The vulnerability is classified as CWE-400: Uncontrolled Resource Consumption. This classification highlights the potential for resource exhaustion due to improper handling of certain requests.

The CVSS score of 7.5 indicates a high level of severity, with an availability impact rated as high. This severity illustrates the potential for significant disruption to services if the vulnerability is exploited. The attack vector is classified as network, with low complexity, requiring no privileges or user interaction.

Technical Analysis

The root cause of CVE-2021-23042 is linked to the configuration of HTTP profiles on F5 BIG-IP virtual servers. When improperly configured, these profiles can lead to increased resource utilization in response to specific requests. This scenario exemplifies a lack of control over resource consumption, which can be exploited by an attacker to degrade service performance or cause outages.

The attack vector is network-based, allowing potential attackers to target vulnerable systems remotely. The attack complexity is low, meaning that the exploitation of this vulnerability does not require advanced skills or resources. No privileges are required for an attacker to initiate the attack, and user interaction is also not necessary.

In terms of impact, the confidentiality and integrity of the system are not affected; however, the availability is significantly impacted, as the excessive resource consumption can lead to denial-of-service situations.

Risk & Impact Analysis

The real-world deployment risk associated with CVE-2021-23042 is significant, especially for organizations that rely heavily on the F5 BIG-IP solutions for critical services. The potential for service disruptions due to resource exhaustion could lead to operational downtime, loss of revenue, and reputational damage.

Organizations should also consider the blast radius of this vulnerability, as it affects various components within the F5 BIG-IP ecosystem, including the access policy manager, advanced firewall manager, and application security manager. This widespread impact increases the urgency for remediation, as multiple services may be compromised simultaneously.

The urgency assessment based on the CVSS score indicates that organizations should prioritize patching immediately. The availability impact is classified as high, which necessitates swift action to mitigate potential downtime and service degradation.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions for CVE-2021-23042 include F5 BIG-IP Access Policy Manager, Advanced Firewall Manager, Advanced Web Application Firewall, Analytics, Application Acceleration Manager, Application Security Manager, DDoS Hybrid Defender, Domain Name System, Fraud Protection Service, Global Traffic Manager, Link Controller, Local Traffic Manager, Policy Enforcement Manager, and SSL Orchestrator, specifically versions before the following:

• BIG-IP 16.0.x before 16.0.1.2 • BIG-IP 15.1.x before 15.1.3 • BIG-IP 14.1.x before 14.1.4 • BIG-IP 13.1.x before 13.1.4 • BIG-IP 12.1.x before 12.1.6 If version information is missing, organizations should assume all versions prior to vendor patch are affected.

Mitigation & Remediation

Organizations should prioritize remediation of CVE-2021-23042 by applying the necessary patches or updates as provided by F5. For detailed guidance on implementing effective security measures, refer to the following resources:

penetration testing can help validate remediation effectiveness.

Detection Guidance

To detect potential exploitation of CVE-2021-23042, organizations should monitor for unusual system resource utilization patterns. Log indicators of excessive resource consumption and look for behavioral anomalies that deviate from normal operational baselines. Additionally, network signatures related to unexpected HTTP requests should be identified and investigated.

AppSecure Threat Intelligence Insight

CVE-2021-23042 represents a significant risk for organizations using F5 BIG-IP products. The patterns of resource exhaustion vulnerabilities are increasingly common in network-facing applications, emphasizing the necessity for robust security measures. Organizations should learn from this vulnerability to enhance their security posture.

For further strategies on improving security frameworks, organizations can explore our resources on vulnerability management programs and penetration testing methodology to proactively address similar vulnerabilities.

Engaging in API security testing can also help uncover potential weaknesses in configuration.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-23042: High Vulnerability in F5 BIG-IP