F5 Patches Four Critical Bugs in Big-IP Suite
Application services and network delivery firm F5 on Wednesday announced the release of patches for seven related vulnerabilities in BIG-IP, including four with a "Critical" severity rating.
On March 10, F5 announced the release of fixes for multiple vulnerabilities in BIG-IP, some of which also impact BIG-IQ, a framework designed to help with the management of BIG-IP devices and application services.
Four critical vulnerabilities in BIG-IP were announced, including one impacting BIG-IQ, along with seven high severity vulnerabilities and ten medium severity.
"The bottom line is that they affect all BIG-IP and BIG-IQ customers and instances - we urge all customers to update their BIG-IP and BIG-IQ deployments to the fixed versions as soon as possible," F5 says.
The most important of the four critical bugs is CVE-2021-22986, an unauthenticated remote command execution vulnerability in the iControl REST interface, which impacts both BIG-IP and BIG-IQ, F5 says.
"We strongly recommend that all customers update their BIG-IP and BIG-IQ deployments to a fixed version as soon as possible - this is the only way to fully address the vulnerabilities," F5 added.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-31 | CVE-2021-22986 | Server-Side Request Forgery (SSRF) vulnerability in F5 products. On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated remote command execution vulnerability. | 9.8 |