High Threat Security Alert (A26-01-13): Vulnerability in F5 F5OS

Description:

F5 has published security advisory to address a vulnerability in F5 F5OS. The details about the vulnerability can be found at the following website:
https://my.f5.com/manage/s/article/K000159077

Reports indicate that the proof-of-concept (PoC) code for the denial of service vulnerability (CVE-2019-9923) in F5 F5OS is publicly available. A local attacker may exploit the vulnerability to trigger a NULL pointer dereference. System administrators are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

• F5OS-A versions 1.5.1 - 1.5.4
• F5OS-A versions 1.8.0 - 1.8.3
• F5OS-C versions 1.6.0 - 1.6.4
• F5OS-C versions 1.8.0 - 1.8.2

Impact:

Successful exploitation of the vulnerability could lead to remote code execution and denial of service on an affected system.

Recommendation:

Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. It is recommended to consult the product vendors for the fixes and assistance.

More Information:

• https://my.f5.com/manage/s/article/K000159077
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9923