Security News > 2021 > August > Critical F5 BIG-IP bug impacts customers in sensitive sectors

Critical F5 BIG-IP bug impacts customers in sensitive sectors
2021-08-25 18:58

BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking device, one of them being elevated to critical severity under specific conditions.

The issues are part of this month's delivery of security updates, which addresses almost 30 vulnerabilities for multiple F5 devices.

Of the thirteen high-severity flaws that F5 fixed, one becomes critical in a configuration "Designed to meet the needs of customers in especially sensitive sectors" and could lead to complete system compromise.

For customers using the Appliance Mode, which applies some technical restrictions, the same vulnerability comes with a critical rating of 9.9 out of 10.

F5's security advisory for CVE-2021-23031 does not provide many details on why there are two severity ratings, but notes that there is a "Limited number of customers" that are impacted by the critical variant of the bug unless they install the updated version or apply mitigations.

Except for CVE-2021-23031, the dozen high-severity security bugs that F5 addressed this month come with risk scores between 7.2 and 7.5.


News URL

https://www.bleepingcomputer.com/news/security/critical-f5-big-ip-bug-impacts-customers-in-sensitive-sectors/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-09-14 CVE-2021-23031 OS Command Injection vulnerability in F5 products
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, 12.1.x before 12.1.6, and 11.6.x before 11.6.5.3, an authenticated user may perform a privilege escalation on the BIG-IP Advanced WAF and ASM Configuration utility.
network
low complexity
f5 CWE-78
critical
9.9

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
F5 141 6 267 399 64 736