High Threat Security Alert (A21-03-06): Multiple Vulnerabilities in F5 BIG-IP


 

Published on: 12 March 2021

  
  

Description:

F5 has published security advisories to address multiple vulnerabilities in F5 devices. The details about the vulnerabilities and associated fixes can be found at the following website:

https://support.f5.com/csp/article/K02566623

Reports indicate that vulnerabilities in F5 BIG-IP (CVE-2021-22986, CVE-2021-22987, CVE-2021-22991 and CVE-2021-22992) could allow a remote attacker to execute arbitrary commands or code on an affected system through specially crafted requests. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • BIG-IP versions 16.0.0-16.0.1
  • BIG-IP versions 15.1.0-15.1.2
  • BIG-IP versions 14.1.0-14.1.3.1
  • BIG-IP versions 13.1.0-13.1.3.5
  • BIG-IP versions 12.1.0-12.1.5.2
  • BIG-IP versions 11.6.1-11.6.5.2
  • BIG-IQ versions 7.1.0-7.1.0.2
  • BIG-IQ versions 7.0.0-7.0.0.1
  • BIG-IQ versions 6.0.0-6.1.0
  • BIG-IP Advanced WAF/ASM versions 16.0.0-16.0.1
  • BIG-IP Advanced WAF/ASM versions 15.1.0-15.1.2
  • BIG-IP Advanced WAF/ASM versions 14.1.0-14.1.3.1
  • BIG-IP Advanced WAF/ASM versions 13.1.0-13.1.3.5
  • BIG-IP Advanced WAF/ASM versions 12.1.0-12.1.5.2
  • BIG-IP Advanced WAF/ASM versions 11.6.1-11.6.5.2

 

Impact:

Successful exploitation of the vulnerabilities could lead to arbitrary commands execution, arbitrary code execution, and denial of service of an affected system.

 

Recommendation:

Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. It is recommended to consult the product vendors for the fixes and assistance.

System administrators are advised to follow the security best practice to only permit management access to the products over a secure network and limit shell access to trusted users.

 

More Information:

  • https://support.f5.com/csp/article/K02566623
  • https://support.f5.com/csp/article/K03009991
  • https://support.f5.com/csp/article/K18132488
  • https://support.f5.com/csp/article/K45056101
  • https://support.f5.com/csp/article/K52510511
  • https://support.f5.com/csp/article/K56142644
  • https://support.f5.com/csp/article/K56715231
  • https://support.f5.com/csp/article/K70031188
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22986 (to CVE-2021-22992)


Tag: F5 , BIG-IP , BIG-IQ
Tags