F5 Releases Security Updates

Threat ID:: CC-3931
Threat Severity:: Information only
Published:: 26 August 2021 12:18 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Affected platforms

The following platforms are known to be affected:

Versions: 6.0.0 - 6.1.0, 7.0.0 - 7.1.0, 8.0.0 - 8.1.0

F5 BIG-IQ

Versions: 11.6.1 - 11.6.5, 12.1.0 - 12.1.6, 13.1.0 - 13.1.4, 14.1.0 - 14.1.4, 15.0.0 - 15.1.0, 15.1.0 - 15.1.3, 16.0.0 - 16.0.1

F5 BIG-IP (All Modules)

Threat details

Introduction

F5 have released an overview of vulnerabilities for some of their networking products, including BIG-IP and BIG-IQ. Over 30 vulnerabilities and security exposures are included in the advisory, with 13 CVEs rating High impact.

The high impact vulnerabilities relate to authenticated remote command execution, cross-site forgery, cross-site scripting, unexpected process termination, server-side request forgery, and privilege escalation. A remote attacker could exploit these vulnerabilities to take control of an affected system.

CVE-2021-23031, affecting BIG-IP modules Advanced Web Application Firewall (WAF) and the Application Security Manager (ASM), might be elevated from a CVSS score of 8.8 to a critical 9.9 if it is used in Appliance Mode.