CVE-2021-23040: 
F5 BIG-IP Advanced Firewall Manager vulnerability analysis and mitigation

A SQL injection vulnerability (CVE-2021-23040) was identified in BIG-IP Advanced Firewall Manager (AFM). The vulnerability affects multiple versions of BIG-IP AFM including 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x. The vulnerability exists in an undisclosed page of the BIG-IP Configuration utility and is only exposed when BIG-IP AFM is provisioned (NVD Database).

The vulnerability is classified as SQL Injection (CWE-89) with a CVSS v3.1 Base Score of 8.8 (HIGH). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and no user interaction (UI:N). The scope is unchanged (S:U) with high impact on confidentiality (C:H), integrity (I:H), and availability (A:H) (NVD Database).

The vulnerability could potentially allow an attacker to execute SQL injection attacks against the affected BIG-IP AFM systems, potentially compromising the confidentiality, integrity, and availability of the system as indicated by the high CVSS impact scores (NVD Database).

F5 Networks has released patched versions to address this vulnerability. Users should upgrade to version 16.0.1.2, 15.1.3, 14.1.4.2, or 13.1.4.1 depending on their current version track (NVD Database).