CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Feb 1, 2022

CVE-2021-22991

High

EPSS 73.1%CISA KEV

F5/BIG-IP Traffic Management Microkernel

Description

The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls.

EPSS — Exploit Probability

73.1%

Higher than 98.8% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2021-22991

Risk Assessment

HIGH

In CISA KEV

High EPSS

Details

Severity: High
EPSS: 73.1%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Jan 18, 2022

Added to KEV

Jan 18, 2022

Remediation Due

Feb 1, 2022

Affected Product

BIG-IP Traffic Management Microkernel

View all F5 CVEs

External Links

NVD (NIST)CVE Details MITRE CVE