F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most BIG-IP and BIG-IQ software versions.
F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands (including Microsoft, Oracle, and Facebook), with the company claiming that “48 of the Fortune 50 rely on F5.”
The four critical vulnerabilities listed below also include a pre-auth RCE security flaw (CVE-2021-22986) which allows unauthenticated remote attackers to execute arbitrary commands on compromised BIG-IP devices:
Also Read: What You Should Know About The Data Protection Obligation Singapore
Today, F5 published security advisories on three other RCE vulnerabilities (two high and one medium, with CVSS severity ratings between 6.6 and 8.8), allowing authenticated remote attackers to execute arbitrary system commands.
Successful exploitation of critical BIG-IP RCE vulnerabilities could lead to full system compromise, including the interception of controller application traffic and lateral movement to the internal network.
The seven vulnerabilities are fixed in the following BIG-IP versions: 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, and 11.6.5.3, according to F5.
CVE-2021-22986, the pre-auth RCE flaw, also affects BIG-IQ (a management solution for BIG-IP devices), and it was fixed in 8.0.0, 7.1.0.3, and 7.0.0.2.
“We strongly encourage all customers to update their BIG-IP and BIG-IQ systems to a fixed version as soon as possible,” F5 says in a notification published earlier today.
“To fully remediate the critical vulnerabilities, all BIG-IP customers will need to update to a fixed version.”
F5 provides information on how to upgrade the software running on your BIG-IP appliances with details on multiple upgrade scenarios in this BIG-IP upgrade guide.
In July 2020, F5 patched a critical RCE vulnerability with a maximum 10/10 CVSSv3 rating tracked as CVE-2020-5902 and affecting the Traffic Management User Interface (TMUI) of BIG-IP ADC appliances.
Similar to the pre-auth RCE bug announced today, CVE-2020-5902 allows unauthenticated attackers to run arbitrary system commands following successful exploitation.
Dragos security researchers reported in September that the Iranian-backed Pioneer Kitten hacking group started targeting enterprises that didn’t patch their BIG-IP devices starting with early-July 2020 after the flaw was announced.
Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues
The malicious activity revealed by Dragos lined up with an August FBI Private Industry Notification also warning of Iranian state hackers attempting to exploit vulnerable Big-IP ADC devices since early July 2020.
CISA issued another advisory regarding China-sponsored hackers targeting government agencies by hunting down and trying to hack F5, Microsoft Exchange, Citrix, Pulse Secure devices and servers.
Enterprises with unpatched F5 BIG-IP ADCs face an even higher risk from financially motivated threat actors that might also deploy ransomware on compromised networks and steal credentials to access other network devices.
Importance of Efficient Access Controls that every Organisation in Singapore should take note of. Enhancing…
Prioritizing Security Measures When Launching a Webpage That Every Organisation in Singapore should take note…
Importance of Regularly Changing Passwords for Enhance Online Security that every Organisation in Singapore should…
Comprehensive Approach to Data Protection and Operational Integrity that every Organsiation in Singapore should know…
Here's the importance of Pre-Launch Testing in IT Systems Implementation for Organisations in Singapore. The…
Understanding Liability in IT Vendor Relationships that every Organisation in Singapore should look at. Understanding…
This website uses cookies.
