F5 Patches Four Critical Bugs in Big-IP Suite
2021-03-10 20:25

Application services and network delivery firm F5 on Wednesday announced the release of patches for seven related vulnerabilities in BIG-IP, including four with a "Critical" severity rating.

On March 10, F5 announced the release of fixes for multiple vulnerabilities in BIG-IP, some of which also impact BIG-IQ, a framework designed to help with the management of BIG-IP devices and application services.

Four critical vulnerabilities in BIG-IP were announced, including one impacting BIG-IQ, along with seven high severity vulnerabilities and ten medium severity.

"The bottom line is that they affect all BIG-IP and BIG-IQ customers and instances - we urge all customers to update their BIG-IP and BIG-IQ deployments to the fixed versions as soon as possible," F5 says.

The most important of the four critical bugs is CVE-2021-22986, an unauthenticated remote command execution vulnerability in the iControl REST interface, which impacts both BIG-IP and BIG-IQ, F5 says.

"We strongly recommend that all customers update their BIG-IP and BIG-IQ deployments to a fixed version as soon as possible - this is the only way to fully address the vulnerabilities," F5 added.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/AeDoedbIV_8/f5-patches-four-critical-bugs-big-ip-suite

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2021-03-31 | CVE-2021-22986 | Server-Side Request Forgery (SSRF) vulnerability in F5 products | critical, 9.8
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability.
network, low complexity, f5, CWE-918

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
F5 143 6 276 404 64 750