
Critical vulnerabilities in F5 Networks products

Dag Philip Lango Thorbjørnsen, 11 Mar 2021


On 10 March, F5 Networks announced 7 vulnerabilities in its BIG-IP (and BIG-IQ) platform. Immediate upgrade of affected systems is recommended.

On 10 March, F5 Networks published K02566623, which disclosed several vulnerabilities in BIG-IP (all modules), BIG-IP Advanced WAF / ASM and BIG-IQ. Four of the disclosed vulnerabilities are of critical severity. CVE-2021-22986 and CVE-2021-22987 (CVSS 9.8 and CVSS 9.9 respectively) are control-plane vulnerabilities in both the iControl REST interface and the Traffic Management User Interface (TMUI).

| CVE | Severity | CVSS score | Affected products | Affected versions | Fixed versions | Appliance mode / Non-Appliance mode | Control plane / Data plane |
|---|---|---|---|---|---|---|---|
| CVE-2021-22986 | Critical | 9.8 | BIG-IP (All modules) | 16.0.0-16.0.1, 15.1.0-15.1.2, 14.1.0-14.1.3.1, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2 | 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3 | Both | Control plane - iControl REST |
| CVE-2021-22986 | Critical | 9.8 | BIG-IQ | 7.1.0-7.1.0.2, 7.0.0-7.0.0.1, 6.0.0-6.1.0 | 8.0.0, 7.1.0.3, 7.0.0.2 | N/A | Control plane - iControl REST |
| CVE-2021-22987 | Critical | 9.9 | BIG-IP (All modules) | 16.0.0-16.0.1, 15.1.0-15.1.2, 14.1.0-14.1.3.1, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2 | 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, 11.6.5.3 | Appliance mode | Control plane - TMUI |
| CVE-2021-22988 | High | 8.8 | BIG-IP (All Modules) | 16.0.0-16.0.1, 15.1.0-15.1.2, 14.1.0-14.1.3.1, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2 | 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, 11.6.5.3 | Non-Appliance mode | Control plane - TMUI |
| CVE-2021-22989 | High | 8.0 | BIG-IP Advanced WAF/ASM | 16.0.0-16.0.1, 15.1.0-15.1.2, 14.1.0-14.1.3.1, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2 | 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, 11.6.5.3 | Appliance mode | Control plane - TMUI |
| CVE-2021-22990 | Medium | 6.6 | BIG-IP Advanced WAF/ASM | 16.0.0-16.0.1, 15.1.0-15.1.2, 14.1.0-14.1.3.1, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2 | 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, 11.6.5.3 | Non-Appliance mode | Control plane - TMUI |
| CVE-2021-22991 | Critical | 9.0 | BIG-IP (All Modules)¹ | 16.0.0-16.0.1, 15.1.0-15.1.2, 14.1.0-14.1.3.1, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2 | 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3 | Both | Data plane |
| CVE-2021-22992 | Critical | 9.0 | BIG-IP Advanced WAF/ASM | 16.0.0-16.0.1, 15.1.0-15.1.2, 14.1.0-14.1.3.1, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2 | 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, 11.6.5.3 | Both | Data plane |

Mitigation

Update
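To decide which systems need the update, the BIG-IP rows of the table above can be turned into a version check. This is an added example, not code from F5 or from the original article; it covers BIG-IP only (not BIG-IQ), ignores the appliance-mode column, and the names `check` and `has_asm` are hypothetical. As an assumption, any version from the first affected release up to (but excluding) the fixed release of its branch is treated as affected.

```python
# Added example. Data transcribed from the table above (BIG-IP rows only).
# Branch -> (first affected version, first fixed version).
BRANCHES = {
    "16.0": ("16.0.0", "16.0.1.1"),
    "15.1": ("15.1.0", "15.1.2.1"),
    "14.1": ("14.1.0", "14.1.4"),
    "13.1": ("13.1.0", "13.1.3.6"),
    "12.1": ("12.1.0", "12.1.5.3"),
    "11.6": ("11.6.1", "11.6.5.3"),
}
# CVE -> (affected product is Advanced WAF/ASM?, table lists the 11.6 branch?)
CVES = {
    "CVE-2021-22986": (False, False),
    "CVE-2021-22987": (False, True),
    "CVE-2021-22988": (False, True),
    "CVE-2021-22989": (True, True),
    "CVE-2021-22990": (True, True),
    "CVE-2021-22991": (False, False),
    "CVE-2021-22992": (True, True),
}

def parse(version):
    """'14.1.3.1' -> (14, 1, 3, 1); shorter versions are zero-padded to 4 parts."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 2 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def check(version, has_asm=False):
    """Return (sorted CVEs from the table that apply, fixed version to install).

    ([], None) means the version is outside every range in the table; it does
    not mean the release is free of other vulnerabilities.
    has_asm (hypothetical flag): the device runs BIG-IP Advanced WAF/ASM.
    """
    v = parse(version)
    for branch, (first, fixed) in BRANCHES.items():
        # Assumption: everything below the fixed release in a branch is affected.
        if parse(first) <= v < parse(fixed):
            hits = [cve for cve, (needs_asm, has_11_6) in CVES.items()
                    if (has_asm or not needs_asm)
                    and (branch != "11.6" or has_11_6)]
            return sorted(hits), fixed
    return [], None
```
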

 

References

https://support.f5.com/csp/article/K02566623

 

CONTACT NETSECURITY

If you need help verifying whether you are vulnerable, have already been attacked, or need help securing your system, see https://www.netsecurity.no/under-angrep