Security News > 2021 > August > F5 Bug Could Lead to Complete System Takeover
Application delivery and networking firm F5 released a baker's dozen of 13 fixes for high-severity bugs, including one that could lead to complete system takeover and hence is boosted to "Critical" for customers in "Especially sensitive sectors."
F5 - maker of near-ubiquitously installed enterprise networking gear - released nearly 30 vulnerabilities for multiple devices in its August security updates.
F5 said that when the vulnerability is exploited, "An authenticated attacker with access to the Configuration utility can execute arbitrary system commands, create or delete files, and/or disable services," potentially leading to "Complete system compromise."
The Appliance mode adds technical restrictions and is designed to meet the needs of customers in "Especially sensitive sectors" by "Limiting the BIG-IP system administrative access to match that of a typical network appliance and not a multi-user UNIX device."
F5 lists a number of products that contain the affected code but aren't vulnerable, given that attackers can't exploit the code in default, standard or recommended configurations.
The Cybersecurity and Infrastructure Security Agency issued a security advisory encouraging users and admins to review F5's security advisory and to update the software or to apply mitigations ASAP. "Don't delay" is, of course, good advice when it comes to F5 equipment, given that the company's enterprise networking can be found in some of the largest tech companies in the world, including Facebook, Microsoft and Oracle.
News URL
https://threatpost.com/f5-critical-bug-system-takeover/168952/