1. 主頁
  2. 保安警報
  3. 保安警報 (A26-02-11)

高危保安警報 (A26-02-11): F5 產品多個漏洞


 

發布日期: 2026年 2月 9日

描述:

F5 發布了安全公告,以應對 F5 產品的多個漏洞。有關漏洞資料的詳情,請參考以下網址:
https://my.f5.com/manage/s/article/K000135178
https://my.f5.com/manage/s/article/K000135921
https://my.f5.com/manage/s/article/K000137090
https://my.f5.com/manage/s/article/K000137093
https://my.f5.com/manage/s/article/K000138219
https://my.f5.com/manage/s/article/K000138650
https://my.f5.com/manage/s/article/K000138827
https://my.f5.com/manage/s/article/K000139641
https://my.f5.com/manage/s/article/K000139700
https://my.f5.com/manage/s/article/K000139901
https://my.f5.com/manage/s/article/K000148252
https://my.f5.com/manage/s/article/K000148259
https://my.f5.com/manage/s/article/K000148713
https://my.f5.com/manage/s/article/K000159887
https://my.f5.com/manage/s/article/K000159900
https://my.f5.com/manage/s/article/K00409335
https://my.f5.com/manage/s/article/K04107324
https://my.f5.com/manage/s/article/K04337834
https://my.f5.com/manage/s/article/K04367730
https://my.f5.com/manage/s/article/K05975972
https://my.f5.com/manage/s/article/K08827426
https://my.f5.com/manage/s/article/K08832573
https://my.f5.com/manage/s/article/K10224912
https://my.f5.com/manage/s/article/K11315080
https://my.f5.com/manage/s/article/K11542555
https://my.f5.com/manage/s/article/K12252011
https://my.f5.com/manage/s/article/K21350967
https://my.f5.com/manage/s/article/K21548854
https://my.f5.com/manage/s/article/K24624116
https://my.f5.com/manage/s/article/K31085564
https://my.f5.com/manage/s/article/K32380005
https://my.f5.com/manage/s/article/K34120074
https://my.f5.com/manage/s/article/K38271531
https://my.f5.com/manage/s/article/K38481791
https://my.f5.com/manage/s/article/K40508224
https://my.f5.com/manage/s/article/K42531048
https://my.f5.com/manage/s/article/K42910051
https://my.f5.com/manage/s/article/K44454157
https://my.f5.com/manage/s/article/K46641512
https://my.f5.com/manage/s/article/K48050136
https://my.f5.com/manage/s/article/K58243048
https://my.f5.com/manage/s/article/K67830124
https://my.f5.com/manage/s/article/K80311892
https://my.f5.com/manage/s/article/K83102920
https://my.f5.com/manage/s/article/K90011301
https://my.f5.com/manage/s/article/K92451315

有報告指多個漏洞 (CVE-2018-25032 、 CVE-2019-6110 、 CVE-2019-6111 、 CVE-2023-46218 及 CVE-2023-51385) 的概念驗證 (PoC) 程式碼已被公開。系統管理員應立即為受影響的系統安裝修補程式,以減低受到網絡攻擊的風險。

 

受影響的系統:

  • APM Clients 版本 7.2.5
  • BIG-IP (所有模組) 版本 11.5.2 至 11.6.5
  • BIG-IP (所有模組) 版本 12.1.0 至 12.1.6
  • BIG-IP (所有模組) 版本 13.1.0 至 13.1.5
  • BIG-IP (所有模組) 版本 14.0.0 至 14.1.5
  • BIG-IP (所有模組) 版本 15.0.0 至 15.1.10
  • BIG-IP (所有模組) 版本 16.0.0 至 16.1.6
  • BIG-IP (所有模組) 版本 17.0.0 至 17.1.3
  • BIG-IP (所有模組) 版本 17.5.0 至 17.5.1
  • BIG-IP (所有模組) 版本 21.0.0
  • BIG-IP Next (LTM, WAF) 版本 20.0.1 至 20.3.0
  • BIG-IP Next (所有模組) 版本 20.0.1 至 20.0.2
  • BIG-IP Next CNF 版本 1.1.0 至 1.4.1
  • BIG-IP Next CNF 版本 2.0.0 至 2.2.0
  • BIG-IP Next Central Manager 版本 20.0.1 至 20.0.2
  • BIG-IP Next SPK 版本 1.5.0 至 1.9.2
  • BIG-IP Next SPK 版本 2.0.0 至 2.0.2
  • BIG-IP Next for Kubernetes 版本 2.0.0 至 2.2.0
  • BIG-IQ Centralized Management 版本 5.0.0 至 5.4.0
  • BIG-IQ Centralized Management 版本 6.0.0 至 6.1.0
  • BIG-IQ Centralized Management 版本 7.0.0 至 7.1.0
  • BIG-IQ Centralized Management 版本 8.0.0 至 8.4.1
  • Enterprise Manager 版本 3.1.1
  • F5 iWorkflow 版本 2.3.0
  • F5OS 版本 1.0.0 至 1.2.2
  • F5OS-A 版本 1.0.0 至 1.8.3
  • F5OS-C 版本 1.0.0 至 1.8.2
  • Traffix SDC 版本 4.4.0
  • Traffix SDC 版本 5.0.0 至 5.2.0

 

影響:

成功利用漏洞可以導致受影響的系統發生遠端執行程式碼、服務被拒絕、權限提升、泄漏資訊、繞過保安限制、仿冒詐騙或篡改。

 

建議:

現已有適用於受影響系統的軟件更新。受影響系統的系統管理員應遵從產品供應商的建議,立即採取行動以降低風險。建議諮詢產品供應商以取得修補程式及有關支援。

 

進一步資訊:

  • https://my.f5.com/manage/s/article/K000135178
  • https://my.f5.com/manage/s/article/K000135921
  • https://my.f5.com/manage/s/article/K000137090
  • https://my.f5.com/manage/s/article/K000137093
  • https://my.f5.com/manage/s/article/K000138219
  • https://my.f5.com/manage/s/article/K000138650
  • https://my.f5.com/manage/s/article/K000138827
  • https://my.f5.com/manage/s/article/K000139641
  • https://my.f5.com/manage/s/article/K000139700
  • https://my.f5.com/manage/s/article/K000139901
  • https://my.f5.com/manage/s/article/K000148252
  • https://my.f5.com/manage/s/article/K000148259
  • https://my.f5.com/manage/s/article/K000148713
  • https://my.f5.com/manage/s/article/K000159887
  • https://my.f5.com/manage/s/article/K000159900
  • https://my.f5.com/manage/s/article/K00409335
  • https://my.f5.com/manage/s/article/K04107324
  • https://my.f5.com/manage/s/article/K04337834
  • https://my.f5.com/manage/s/article/K04367730
  • https://my.f5.com/manage/s/article/K05975972
  • https://my.f5.com/manage/s/article/K08827426
  • https://my.f5.com/manage/s/article/K08832573
  • https://my.f5.com/manage/s/article/K10224912
  • https://my.f5.com/manage/s/article/K11315080
  • https://my.f5.com/manage/s/article/K11542555
  • https://my.f5.com/manage/s/article/K12252011
  • https://my.f5.com/manage/s/article/K21350967
  • https://my.f5.com/manage/s/article/K21548854
  • https://my.f5.com/manage/s/article/K24624116
  • https://my.f5.com/manage/s/article/K31085564
  • https://my.f5.com/manage/s/article/K32380005
  • https://my.f5.com/manage/s/article/K34120074
  • https://my.f5.com/manage/s/article/K38271531
  • https://my.f5.com/manage/s/article/K38481791
  • https://my.f5.com/manage/s/article/K40508224
  • https://my.f5.com/manage/s/article/K42531048
  • https://my.f5.com/manage/s/article/K42910051
  • https://my.f5.com/manage/s/article/K44454157
  • https://my.f5.com/manage/s/article/K46641512
  • https://my.f5.com/manage/s/article/K48050136
  • https://my.f5.com/manage/s/article/K58243048
  • https://my.f5.com/manage/s/article/K67830124
  • https://my.f5.com/manage/s/article/K80311892
  • https://my.f5.com/manage/s/article/K83102920
  • https://my.f5.com/manage/s/article/K90011301
  • https://my.f5.com/manage/s/article/K92451315
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9382
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349 (to CVE-2016-10350)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10661
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18342
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1122
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7167
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12115 (to CVE-2018-12116)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12121 (to CVE-2018-12123)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18397
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1125
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856 (to CVE-2019-3858)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862 (to CVE-2019-3863)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6109 (to CVE-2019-6111)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10208
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13232
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18282
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1720
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1968
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1971
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5923
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10029
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10878
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14145
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14314
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17507
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22218
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23840
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25217
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0359
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26340
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40674
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43750
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2650
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24329
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6232
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58187
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1642
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-20732
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22548


標籤 : F5 , APM Clients , BIG-IP , BIG-IQ , F5 EM , F5 iWorkflow , F5OS-A , F5OS-C , Traffix SDC
標籤