Security Alert (A22-11-15): Multiple Vulnerabilities in F5 Products


 

Published on: 17 November 2022

Description:

F5 has published security advisories to address multiple vulnerabilities in BIG-IP and BIG-IQ devices. The details about the vulnerabilities can be found at the following website:
https://support.f5.com/csp/article/K97843387

 

Affected Systems:

  • BIG-IP versions 17.0.0
  • BIG-IP versions 16.1.0-16.1.3
  • BIG-IP versions 15.1.0-15.1.8
  • BIG-IP versions 14.1.0-14.1.5
  • BIG-IP versions 13.1.0-13.1.5
  • BIG-IQ versions 8.0.0-8.2.0
  • BIG-IQ versions 7.1.0

 

Impact:

Successful exploitation of the vulnerabilities could lead to security restriction bypass or system compromise of an affected system.

 

Recommendation:

Patches for the affected systems are not yet available. Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. It is recommended to properly assess the impact before adopting the workaround and consult the product vendors for the assistance. As a security best practice, management access should be restricted to only trusted users and devices over a secure network.

 

More Information:

  • https://support.f5.com/csp/article/K97843387
  • https://support.f5.com/csp/article/K94221585
  • https://support.f5.com/csp/article/K13325942
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41622
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41800


Tag: F5 , BIG-IP , BIG-IQ
Tags