cancel
Showing results for 
Search instead for 
Did you mean: 

ASM NO SIGNATURE AVAILABLE FOR CVE-2021-21985

Intothecloud
Altocumulus
Altocumulus

We have the latest signature applied on ASM but while filtering on ASM signtures  I can't find any signature for CVE-2021-21985. How can we make sure that signature for CVE-2021-21985 is published by F5?

1 ACCEPTED SOLUTION

PSilva
Community Manager
Community Manager

OK, I heard straight from F5 SIRT that, 'Yep that signature exists in ASM since 2021/6/11.'

ps

View solution in original post

6 REPLIES 6

Samir
Nacreous
Nacreous

F5 Team clearly says no impact from F5 ASM/WAF side

https://support.f5.com/csp/article/K32049501

PSilva
Community Manager
Community Manager

Not sure about the ASM Sig package but this is the page from VMware addressing that CVE - with the fixed version. Apologies if you're already aware of this: https://www.vmware.com/security/advisories/VMSA-2021-0010.html

ps

Yes , I have gone through the KB article , the issue is this VMware servers services are behind the F5 ASM and ASM block policy already applied to this servers but still our SIEM solution captured the exploit attempt matching ID CVE-2021-21985 so customer wanted to know why exploit attempt not blocked by the ASM when i checked the ASM signature i can't find any signature for this particular CVE. 

PSilva
Community Manager
Community Manager

Alright, I also found this: https://clouddocs.f5.com/cloud-services/latest/f5-cloud-services-Essential.App.Protect-Details.html

and it looks like it was added in 2021. But, this is for Essential App Protect and getting some clarity on if it was also included in the ASM package at the time. 

PSilva_0-1663967765949.png

 

ps

PSilva
Community Manager
Community Manager

OK, I heard straight from F5 SIRT that, 'Yep that signature exists in ASM since 2021/6/11.'

ps

Thank you @PSilva for taking time to follow up with relevant team, when i filtered using CVE field after applying latest signature it didn't show up anything that's why i created this post to get more information on this, I will check again for the same.