Security Alert (A23-10-13): Multiple Vulnerabilities in F5 Products


 

Published on: 11 October 2023

  
  

Description:

F5 has published security advisories to address multiple vulnerabilities in F5 devices. The details about the vulnerabilities can be found at the following websites:
https://my.f5.com/manage/s/article/K000132420
https://my.f5.com/manage/s/article/K000133467
https://my.f5.com/manage/s/article/K000134652
https://my.f5.com/manage/s/article/K000135874
https://my.f5.com/manage/s/article/K000135944
https://my.f5.com/manage/s/article/K21800102
https://my.f5.com/manage/s/article/K29141800
https://my.f5.com/manage/s/article/K75431121

 

Affected Systems:

  • BIG-IP version 17.1.0
  • BIG-IP versions 16.1.0 16.1.4
  • BIG-IP versions 15.1.0 15.1.8
  • BIG-IP versions 14.1.0 14.1.5
  • BIG-IP versions 13.1.0 13.1.5
  • BIG-IP (APM) versions 16.1.0 16.1.3
  • BIG-IP (APM) versions 15.1.0 15.1.8
  • BIG-IP (APM) versions 14.1.0 14.1.5
  • BIG-IP (Advanced WAF/ASM) versions 16.1.0 16.1.3
  • BIG-IP (Advanced WAF/ASM) versions 15.1.0 15.1.8
  • BIG-IP (Advanced WAF/ASM) versions 14.1.0 14.1.5
  • BIG-IP (Advanced WAF/ASM) versions 13.1.0 13.1.5
  • NGINX App Protect WAF versions 4.0.0 4.1.0
  • NGINX App Protect WAF versions 3.3.0 3.12.2
  • BIG-IP Next SPK versions 1.6.0 1.8.2
  • BIG-IP Next SPK version 1.5.0

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service or information disclosure of an affected system.

 

Recommendation:

Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. It is recommended to consult the product vendors for the fixes and assistance.

System administrators are advised to follow the security best practice to only permit management access to the products over a secure network and limit shell access to trusted users.

 

More Information:

  • https://my.f5.com/manage/s/article/K000132420
  • https://my.f5.com/manage/s/article/K000133467
  • https://my.f5.com/manage/s/article/K000134652
  • https://my.f5.com/manage/s/article/K000135874
  • https://my.f5.com/manage/s/article/K000135944
  • https://my.f5.com/manage/s/article/K21800102
  • https://my.f5.com/manage/s/article/K29141800
  • https://my.f5.com/manage/s/article/K75431121
  • https://www.hkcert.org/security-bulletin/f5-products-multiple-vulnerabilities_20231011
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40534
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40537
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40542
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41085
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45226


Tag: F5 , BIG-IP , NGINX App Protect WAF
Tags