Security Alert (A23-02-06): Multiple Vulnerabilities in F5 Products


 

Published on: 06 February 2023

Description:

F5 has published security advisories to address multiple vulnerabilities in F5 devices. The details about the vulnerabilities can be found at the following website:
https://my.f5.com/manage/s/article/K000130496

 

Affected Systems:

  • BIG-IP
  • BIG-IP APM Clients
  • BIG-IP SPK
  • BIG-IQ Centralized Management
  • F5OS-A
  • F5OS-C

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution or denial of service of an affected system.

 

Recommendation:

Patches for the affected systems are not yet available. Administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk. It is recommended to properly assess the impact before adopting the workaround and consult the product vendors for the assistance. As a security best practice, management access should be restricted to only trusted users and devices over a secure network.

 

More Information:

  • https://my.f5.com/manage/s/article/K000130496
  • https://www.hkcert.org/security-bulletin/f5-products-multiple-vulnerabilities_20230203
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22281
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22283
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22302
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22323
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22326
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22340 (to CVE-2023-22341)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22358
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22374
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22418
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22422
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22657
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22664
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22839
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22842
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23552
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23555


Tag: F5 , BIG-IP , BIG-IQ , F5OS
Tags