High Threat Security Alert (A21-08-14): Multiple Vulnerabilities in F5 BIG-IP

Description:

F5 has published security advisories to address multiple vulnerabilities in F5 devices. The details about the vulnerabilities and associated fixes can be found at the following website:

https://support.f5.com/csp/article/K50974556

Reports indicate that a vulnerability in F5 BIG-IP (CVE-2021-23031) could allow an authenticated attacker to perform a privilege escalation on an affected system. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• BIG-IP versions 16.0.0-16.0.1
• BIG-IP versions 15.1.0-15.1.2
• BIG-IP versions 14.1.0-14.1.4
• BIG-IP versions 13.1.0-13.1.4
• BIG-IP versions 12.1.0-12.1.6
• BIG-IP versions 11.6.1-11.6.5
• BIG-IQ versions 8.0.0-8.1.0
• BIG-IQ versions 7.0.0-7.1.0
• BIG-IQ versions 6.0.0-6.1.0
• BIG-IP Advanced WAF/ASM versions 16.0.0-16.0.1
• BIG-IP Advanced WAF/ASM versions 15.1.0-15.1.3
• BIG-IP Advanced WAF/ASM versions 14.1.0-14.1.4.1
• BIG-IP Advanced WAF/ASM versions 13.1.0-13.1.4
• BIG-IP Advanced WAF/ASM versions 12.1.0-12.1.6
• BIG-IP Advanced WAF/ASM versions 11.6.1-11.6.5
• BIG-IP Guided Configuration version 7.0
• BIG-IP Guided Configuration version 6.0
• BIG-IP Guided Configuration version 5.0
• BIG-IP Guided Configuration version 4.1
• BIG-IP Guided Configuration version 3.0

Impact:

Successful exploitation of the vulnerabilities could lead to remote command execution, cross-site scripting, data manipulation, denial of service, information disclosure, privilege escalation, spoofing, system crash or security restriction bypass of an affected system.

Recommendation:

Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. It is recommended to consult the product vendors for the fixes and assistance.

System administrators are advised to follow the security best practice to only permit management access to the products over a secure network and limit shell access to trusted users.

More Information:

• https://www.hkcert.org/security-bulletin/f5-big-ip-multiple-vulnerabilities_20210826
• https://us-cert.cisa.gov/ncas/current-activity/2021/08/25/f5-releases-august-2021-security-advisory
• https://support.f5.com/csp/article/K00602225
• https://support.f5.com/csp/article/K01153535
• https://support.f5.com/csp/article/K05043394
• https://support.f5.com/csp/article/K05314769
• https://support.f5.com/csp/article/K05391775
• https://support.f5.com/csp/article/K14903688
• https://support.f5.com/csp/article/K19012930
• https://support.f5.com/csp/article/K21435974
• https://support.f5.com/csp/article/K24301698
• https://support.f5.com/csp/article/K30150004
• https://support.f5.com/csp/article/K30291321
• https://support.f5.com/csp/article/K30523121
• https://support.f5.com/csp/article/K32734107
• https://support.f5.com/csp/article/K35408374
• https://support.f5.com/csp/article/K36942191
• https://support.f5.com/csp/article/K42051445
• https://support.f5.com/csp/article/K42526507
• https://support.f5.com/csp/article/K44553214
• https://support.f5.com/csp/article/K45407662
• https://support.f5.com/csp/article/K48321015
• https://support.f5.com/csp/article/K49549213
• https://support.f5.com/csp/article/K50974556
• https://support.f5.com/csp/article/K52420610
• https://support.f5.com/csp/article/K53854428
• https://support.f5.com/csp/article/K55543151
• https://support.f5.com/csp/article/K61643620
• https://support.f5.com/csp/article/K63163637
• https://support.f5.com/csp/article/K65397301
• https://support.f5.com/csp/article/K66782293
• https://support.f5.com/csp/article/K70415522
• https://support.f5.com/csp/article/K70652532
• https://support.f5.com/csp/article/K79428827
• https://support.f5.com/csp/article/K93231374
• https://support.f5.com/csp/article/K94255403
• https://support.f5.com/csp/article/K94941221
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5862
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23025 (to CVE-2021-23053)