Security Alert (A23-10-13): Multiple Vulnerabilities in F5 Products
11 October 2023
F5 has published security advisories to address multiple vulnerabilities in F5 devices. The details about the vulnerabilities can be found at the following websites: https://my.f5.com/manage/s/article/K000132420 https://my.f5.com/manage/s/article/K000133467 https://my.f5.com/manage/s/article/K000134652 https://my.f5.com/manage/s/article/K000135874 https://my.f5.com/manage/s/article/K000135944 https://my.f5.com/manage/s/article/K21800102 https://my.f5.com/manage/s/article/K29141800 https://my.f5.com/manage/s/article/K75431121
BIG-IP version 17.1.0
BIG-IP versions 16.1.0 16.1.4
BIG-IP versions 15.1.0 15.1.8
BIG-IP versions 14.1.0 14.1.5
BIG-IP versions 13.1.0 13.1.5
BIG-IP (APM) versions 16.1.0 16.1.3
BIG-IP (APM) versions 15.1.0 15.1.8
BIG-IP (APM) versions 14.1.0 14.1.5
BIG-IP (Advanced WAF/ASM) versions 16.1.0 16.1.3
BIG-IP (Advanced WAF/ASM) versions 15.1.0 15.1.8
BIG-IP (Advanced WAF/ASM) versions 14.1.0 14.1.5
BIG-IP (Advanced WAF/ASM) versions 13.1.0 13.1.5
NGINX App Protect WAF versions 4.0.0 4.1.0
NGINX App Protect WAF versions 3.3.0 3.12.2
BIG-IP Next SPK versions 1.6.0 1.8.2
BIG-IP Next SPK version 1.5.0
Successful exploitation of the vulnerabilities could lead to remote code execution, denial of service or information disclosure of an affected system.
Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. It is recommended to consult the product vendors for the fixes and assistance.
System administrators are advised to follow the security best practice to only permit management access to the products over a secure network and limit shell access to trusted users.