AltocumulusWe have the latest signature applied on ASM but while filtering on ASM signtures I can't find any signature for CVE-2021-21985. How can we make sure that signature for CVE-2021-21985 is published by F5?
OK, I heard straight from F5 SIRT that, 'Yep that signature exists in ASM since 2021/6/11.'
MVPF5 Team clearly says no impact from F5 ASM/WAF side
Not sure about the ASM Sig package but this is the page from VMware addressing that CVE - with the fixed version. Apologies if you're already aware of this: https://www.vmware.com/security/advisories/VMSA-2021-0010.html
AltocumulusYes , I have gone through the KB article , the issue is this VMware servers services are behind the F5 ASM and ASM block policy already applied to this servers but still our SIEM solution captured the exploit attempt matching ID CVE-2021-21985 so customer wanted to know why exploit attempt not blocked by the ASM when i checked the ASM signature i can't find any signature for this particular CVE.
Alright, I also found this: https://clouddocs.f5.com/cloud-services/latest/f5-cloud-services-Essential.App.Protect-Details.html
and it looks like it was added in 2021. But, this is for Essential App Protect and getting some clarity on if it was also included in the ASM package at the time.
OK, I heard straight from F5 SIRT that, 'Yep that signature exists in ASM since 2021/6/11.'
AltocumulusThank you PSilva for taking time to follow up with relevant team, when i filtered using CVE field after applying latest signature it didn't show up anything that's why i created this post to get more information on this, I will check again for the same.
