1. 主页
  2. 保安警报
  3. 保安警报 (A26-02-11)

高危保安警报 (A26-02-11): F5 产品多个漏洞


 

发布日期: 2026年 2月 9日

描述:

F5 发布了安全公告,以应对 F5 产品的多个漏洞。有关漏洞资料的详情,请参考以下网址:
https://my.f5.com/manage/s/article/K000135178
https://my.f5.com/manage/s/article/K000135921
https://my.f5.com/manage/s/article/K000137090
https://my.f5.com/manage/s/article/K000137093
https://my.f5.com/manage/s/article/K000138219
https://my.f5.com/manage/s/article/K000138650
https://my.f5.com/manage/s/article/K000138827
https://my.f5.com/manage/s/article/K000139641
https://my.f5.com/manage/s/article/K000139700
https://my.f5.com/manage/s/article/K000139901
https://my.f5.com/manage/s/article/K000148252
https://my.f5.com/manage/s/article/K000148259
https://my.f5.com/manage/s/article/K000148713
https://my.f5.com/manage/s/article/K000159887
https://my.f5.com/manage/s/article/K000159900
https://my.f5.com/manage/s/article/K00409335
https://my.f5.com/manage/s/article/K04107324
https://my.f5.com/manage/s/article/K04337834
https://my.f5.com/manage/s/article/K04367730
https://my.f5.com/manage/s/article/K05975972
https://my.f5.com/manage/s/article/K08827426
https://my.f5.com/manage/s/article/K08832573
https://my.f5.com/manage/s/article/K10224912
https://my.f5.com/manage/s/article/K11315080
https://my.f5.com/manage/s/article/K11542555
https://my.f5.com/manage/s/article/K12252011
https://my.f5.com/manage/s/article/K21350967
https://my.f5.com/manage/s/article/K21548854
https://my.f5.com/manage/s/article/K24624116
https://my.f5.com/manage/s/article/K31085564
https://my.f5.com/manage/s/article/K32380005
https://my.f5.com/manage/s/article/K34120074
https://my.f5.com/manage/s/article/K38271531
https://my.f5.com/manage/s/article/K38481791
https://my.f5.com/manage/s/article/K40508224
https://my.f5.com/manage/s/article/K42531048
https://my.f5.com/manage/s/article/K42910051
https://my.f5.com/manage/s/article/K44454157
https://my.f5.com/manage/s/article/K46641512
https://my.f5.com/manage/s/article/K48050136
https://my.f5.com/manage/s/article/K58243048
https://my.f5.com/manage/s/article/K67830124
https://my.f5.com/manage/s/article/K80311892
https://my.f5.com/manage/s/article/K83102920
https://my.f5.com/manage/s/article/K90011301
https://my.f5.com/manage/s/article/K92451315

有报告指多个漏洞 (CVE-2018-25032 、 CVE-2019-6110 、 CVE-2019-6111 、 CVE-2023-46218 及 CVE-2023-51385) 的概念验证 (PoC) 程式码已被公开。系统管理员应立即为受影响的系统安装修补程式,以减低受到网络攻击的风险。

 

受影响的系统:

  • APM Clients 版本 7.2.5
  • BIG-IP (所有模组) 版本 11.5.2 至 11.6.5
  • BIG-IP (所有模组) 版本 12.1.0 至 12.1.6
  • BIG-IP (所有模组) 版本 13.1.0 至 13.1.5
  • BIG-IP (所有模组) 版本 14.0.0 至 14.1.5
  • BIG-IP (所有模组) 版本 15.0.0 至 15.1.10
  • BIG-IP (所有模组) 版本 16.0.0 至 16.1.6
  • BIG-IP (所有模组) 版本 17.0.0 至 17.1.3
  • BIG-IP (所有模组) 版本 17.5.0 至 17.5.1
  • BIG-IP (所有模组) 版本 21.0.0
  • BIG-IP Next (LTM, WAF) 版本 20.0.1 至 20.3.0
  • BIG-IP Next (所有模组) 版本 20.0.1 至 20.0.2
  • BIG-IP Next CNF 版本 1.1.0 至 1.4.1
  • BIG-IP Next CNF 版本 2.0.0 至 2.2.0
  • BIG-IP Next Central Manager 版本 20.0.1 至 20.0.2
  • BIG-IP Next SPK 版本 1.5.0 至 1.9.2
  • BIG-IP Next SPK 版本 2.0.0 至 2.0.2
  • BIG-IP Next for Kubernetes 版本 2.0.0 至 2.2.0
  • BIG-IQ Centralized Management 版本 5.0.0 至 5.4.0
  • BIG-IQ Centralized Management 版本 6.0.0 至 6.1.0
  • BIG-IQ Centralized Management 版本 7.0.0 至 7.1.0
  • BIG-IQ Centralized Management 版本 8.0.0 至 8.4.1
  • Enterprise Manager 版本 3.1.1
  • F5 iWorkflow 版本 2.3.0
  • F5OS 版本 1.0.0 至 1.2.2
  • F5OS-A 版本 1.0.0 至 1.8.3
  • F5OS-C 版本 1.0.0 至 1.8.2
  • Traffix SDC 版本 4.4.0
  • Traffix SDC 版本 5.0.0 至 5.2.0

 

影响:

成功利用漏洞可以导致受影响的系统发生远端执行程式码、服务被拒绝、权限提升、泄漏资讯、绕过保安限制、仿冒诈骗或篡改。

 

建议:

现已有适用于受影响系统的软件更新。受影响系统的系统管理员应遵从产品供应商的建议,立即採取行动以降低风险。建议谘询产品供应商以取得修补程式及有关支援。

 

进一步资讯:

  • https://my.f5.com/manage/s/article/K000135178
  • https://my.f5.com/manage/s/article/K000135921
  • https://my.f5.com/manage/s/article/K000137090
  • https://my.f5.com/manage/s/article/K000137093
  • https://my.f5.com/manage/s/article/K000138219
  • https://my.f5.com/manage/s/article/K000138650
  • https://my.f5.com/manage/s/article/K000138827
  • https://my.f5.com/manage/s/article/K000139641
  • https://my.f5.com/manage/s/article/K000139700
  • https://my.f5.com/manage/s/article/K000139901
  • https://my.f5.com/manage/s/article/K000148252
  • https://my.f5.com/manage/s/article/K000148259
  • https://my.f5.com/manage/s/article/K000148713
  • https://my.f5.com/manage/s/article/K000159887
  • https://my.f5.com/manage/s/article/K000159900
  • https://my.f5.com/manage/s/article/K00409335
  • https://my.f5.com/manage/s/article/K04107324
  • https://my.f5.com/manage/s/article/K04337834
  • https://my.f5.com/manage/s/article/K04367730
  • https://my.f5.com/manage/s/article/K05975972
  • https://my.f5.com/manage/s/article/K08827426
  • https://my.f5.com/manage/s/article/K08832573
  • https://my.f5.com/manage/s/article/K10224912
  • https://my.f5.com/manage/s/article/K11315080
  • https://my.f5.com/manage/s/article/K11542555
  • https://my.f5.com/manage/s/article/K12252011
  • https://my.f5.com/manage/s/article/K21350967
  • https://my.f5.com/manage/s/article/K21548854
  • https://my.f5.com/manage/s/article/K24624116
  • https://my.f5.com/manage/s/article/K31085564
  • https://my.f5.com/manage/s/article/K32380005
  • https://my.f5.com/manage/s/article/K34120074
  • https://my.f5.com/manage/s/article/K38271531
  • https://my.f5.com/manage/s/article/K38481791
  • https://my.f5.com/manage/s/article/K40508224
  • https://my.f5.com/manage/s/article/K42531048
  • https://my.f5.com/manage/s/article/K42910051
  • https://my.f5.com/manage/s/article/K44454157
  • https://my.f5.com/manage/s/article/K46641512
  • https://my.f5.com/manage/s/article/K48050136
  • https://my.f5.com/manage/s/article/K58243048
  • https://my.f5.com/manage/s/article/K67830124
  • https://my.f5.com/manage/s/article/K80311892
  • https://my.f5.com/manage/s/article/K83102920
  • https://my.f5.com/manage/s/article/K90011301
  • https://my.f5.com/manage/s/article/K92451315
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9382
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349 (to CVE-2016-10350)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10661
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18342
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12115 (to CVE-2018-12116)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121 (to CVE-2018-12123)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18397
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856 (to CVE-2019-3858)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862 (to CVE-2019-3863)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109 (to CVE-2019-6111)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10208
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13232
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18282
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1720
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5923
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10029
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14145
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14314
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22218
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25217
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0359
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26340
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43750
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24329
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6232
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58187
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1642
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20732
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22548


标签 : F5 , APM Clients , BIG-IP , BIG-IQ , F5 EM , F5 iWorkflow , F5OS-A , F5OS-C , Traffix SDC
标签