High Threat Security Alert (A21-03-06): Multiple Vulnerabilities in F5 BIG-IP
12 March 2021
F5 has published security advisories to address multiple vulnerabilities in F5 devices. The details about the vulnerabilities and associated fixes can be found at the following website:
Reports indicate that vulnerabilities in F5 BIG-IP (CVE-2021-22986, CVE-2021-22987, CVE-2021-22991 and CVE-2021-22992) could allow a remote attacker to execute arbitrary commands or code on an affected system through specially crafted requests. System administrators are advised to take immediate action to patch affected systems to mitigate the elevated risk of cyber attacks.
BIG-IP versions 16.0.0-16.0.1
BIG-IP versions 15.1.0-15.1.2
BIG-IP versions 14.1.0-18.104.22.168
BIG-IP versions 13.1.0-22.214.171.124
BIG-IP versions 12.1.0-126.96.36.199
BIG-IP versions 11.6.1-188.8.131.52
BIG-IQ versions 7.1.0-184.108.40.206
BIG-IQ versions 7.0.0-220.127.116.11
BIG-IQ versions 6.0.0-6.1.0
BIG-IP Advanced WAF/ASM versions 16.0.0-16.0.1
BIG-IP Advanced WAF/ASM versions 15.1.0-15.1.2
BIG-IP Advanced WAF/ASM versions 14.1.0-18.104.22.168
BIG-IP Advanced WAF/ASM versions 13.1.0-22.214.171.124
BIG-IP Advanced WAF/ASM versions 12.1.0-126.96.36.199
BIG-IP Advanced WAF/ASM versions 11.6.1-188.8.131.52
Successful exploitation of the vulnerabilities could lead to arbitrary command execution, arbitrary code execution, and denial of service on an affected system.
Software updates for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk. It is recommended to consult the product vendor for the fixes and assistance.
System administrators are advised to follow security best practice by permitting management access to the products only over a secure network and limiting shell access to trusted users.