F5 Warns of Critical Vulnerabilities in BIG-IP Platform


F5 is alerting organizations to several critical vulnerabilities in its BIG-IP platform, some of which allow an unauthenticated attacker to take over a system remotely. Last year, a critical vulnerability in the same platform was exploited at scale by criminals.


F5's BIG-IP platform is used for functions such as load balancing and application delivery. Yesterday F5 published a BIG-IP security bulletin covering seven vulnerabilities, four of which are rated critical. Two of them stand out: CVE-2021-22986 and CVE-2021-22987.


CVE-2021-22986 is a vulnerability in the iControl REST interface of BIG-IP and BIG-IQ that allows an unauthenticated attacker to execute code remotely; it is rated 9.8 on the 10-point CVSS severity scale. The other vulnerability, CVE-2021-22987, resides in BIG-IP's Traffic Management User Interface (TMUI) and is rated 9.9. That one, however, can only be exploited by an authenticated attacker, so an attacker needs valid credentials for, or an existing session on, the management interface before it comes into play.


Given the severity of the vulnerabilities, F5 advises organizations to install the security updates as soon as possible. The fixes are included in BIG-IP versions 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3 and 11.6.5.3. Organizations running BIG-IQ can update to version 8.0.0, 7.1.0.3 or 7.0.0.2. Until the update is installed, the usual hardening applies: the iControl REST interface and TMUI should not be reachable from the internet and should be restricted to the management network or other trusted addresses, which limits exposure to both the unauthenticated and the authenticated issue.
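A quick way to triage a fleet is to compare each device's reported version against the fixed versions above, branch by branch (a 16.0.x device must be at 16.0.1.1 or later, a 15.1.x device at 15.1.2.1 or later, and so on). The following is an added example, not F5's code or any tooling mentioned in the bulletin. It assumes the version is read from the output of `tmsh show sys version` (the sample output below is constructed, not captured from a real device), that a version is only compared within its own major.minor branch, and that branches the bulletin does not list are reported as "unknown" rather than silently treated as safe.

```python
"""Triage BIG-IP / BIG-IQ versions against the fixed versions from the
March 2021 F5 bulletin (CVE-2021-22986 and related issues).

Added example, not F5 code. Assumption: a version is compared only
against the fixed release of its own major.minor branch; branches that
do not appear in the bulletin are reported as 'unknown'.
"""
import re

# Fixed versions as listed in the bulletin, per product.
FIXED_VERSIONS = {
    "BIG-IP": ["16.0.1.1", "15.1.2.1", "14.1.4", "13.1.3.6", "12.1.5.3", "11.6.5.3"],
    "BIG-IQ": ["8.0.0", "7.1.0.3", "7.0.0.2"],
}

# Constructed sample of `tmsh show sys version` output (not a real capture).
SAMPLE_TMSH_OUTPUT = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     15.1.2
  Build       0.0.9
  Edition     Final
"""


def parse_version(text):
    """Turn '15.1.2' into (15, 1, 2, 0).

    Padding to four fields makes tuple comparison correct for mixed
    lengths, e.g. 16.0.1 (unfixed) sorts below 16.0.1.1 (fixed).
    """
    parts = [int(p) for p in text.strip().split(".")]
    if not 2 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def assess(product, version):
    """Return 'fixed', 'vulnerable' or 'unknown' for one installed version.

    'unknown' means the major.minor branch is not in the bulletin's fixed
    list (for example 15.0.x), so the result must be reviewed by hand
    rather than assumed safe.
    """
    installed = parse_version(version)
    branch = installed[:2]
    for fixed in FIXED_VERSIONS[product]:
        fixed_t = parse_version(fixed)
        if fixed_t[:2] == branch:
            return "fixed" if installed >= fixed_t else "vulnerable"
    return "unknown"


def assess_tmsh_output(text):
    """Extract Product and Version from tmsh output and assess them.

    Returns (product, version, verdict). Matching is anchored to the
    start of a line so the 'Sys::Version' header is not mistaken for
    the version field.
    """
    product = re.search(r"^\s*Product\s+(BIG-I[PQ])\s*$", text, re.M)
    version = re.search(r"^\s*Version\s+(\d+(?:\.\d+){1,3})\s*$", text, re.M)
    if not product or not version:
        raise ValueError("could not find Product/Version in tmsh output")
    return product.group(1), version.group(1), assess(product.group(1), version.group(1))


if __name__ == "__main__":
    # Run against the constructed sample; expected verdict is 'vulnerable'.
    print(assess_tmsh_output(SAMPLE_TMSH_OUTPUT))
```

Run it on a device with `tmsh show sys version | python3 triage.py`-style piping by replacing the sample with `sys.stdin.read()`; the "unknown" verdict is deliberate, because a branch missing from the fixed list usually means an unsupported release that needs an upgrade to a listed branch rather than a point update.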
