F5 BIG-IP Vulnerability
Date of Notice: 05/05/2022
Action Level – Critical
Description
MCNC would like to alert you to a new vulnerability affecting F5 BIG-IP devices. This could allow undisclosed requests to bypass iControl REST authentication.
An unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses may be allowed to execute arbitrary system commands, create or delete files, or disable services.
Due to the critical impact of this vulnerability, immediate patching is recommended.
| Affected Products | Fixes introduced in |
|---|---|
| BIG-IP versions 16.1.0 to 16.1.2 | 16.1.2.2 |
| BIG-IP versions 15.1.0 to 15.1.5 | 15.1.5.1 |
| BIG-IP versions 14.1.0 to 14.1.4 | 14.1.4.6 |
| BIG-IP versions 13.1.0 to 13.1.4 | 13.1.5 |
| BIG-IP versions 12.1.0 to 12.1.6 | Will not fix |
| BIG-IP versions 11.6.1 to 11.6.5 | Will not fix |
Attack Vector
An authenticated, remote attacker with network access to the BIG-IP system.
Remediation
If you are running a version listed above in Affected Products, you can remediate this vulnerability by installing a fixed version.
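To turn the Affected Products table into an inventory check, the following script classifies each BIG-IP software version as affected (with the fix release to install), already fixed, on a will-not-fix branch, or not listed. It is an added example, not MCNC or F5 code; the version table is copied from this notice, and the helper names (parse_version, assess, triage) and the inventory entries are constructed for illustration.

```python
"""Classify BIG-IP software versions against the affected/fixed ranges in this notice.

Constructed example: the table below is copied from the notice; helper names are this
example's own."""
from typing import Optional, Tuple

# (first affected release, last affected release, fixed release or None for "Will not fix")
ADVISORY = [
    ("16.1.0", "16.1.2", "16.1.2.2"),
    ("15.1.0", "15.1.5", "15.1.5.1"),
    ("14.1.0", "14.1.4", "14.1.4.6"),
    ("13.1.0", "13.1.4", "13.1.5"),
    ("12.1.0", "12.1.6", None),
    ("11.6.1", "11.6.5", None),
]

def parse_version(text: str) -> Tuple[int, ...]:
    """'16.1.2.2' -> (16, 1, 2, 2); F5 versions are dotted integers."""
    return tuple(int(part) for part in text.strip().split("."))

def padded_cmp(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """Compare version tuples, treating missing trailing parts as 0 (16.1.2 == 16.1.2.0)."""
    n = max(len(a), len(b))
    a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
    return (a > b) - (a < b)

def assess(version: str) -> Tuple[str, Optional[str]]:
    """Return (status, fix): status is 'affected', 'fixed', 'will_not_fix' or 'not_listed'."""
    v = parse_version(version)
    for lo, hi, fix in ADVISORY:
        lo_t, hi_t = parse_version(lo), parse_version(hi)
        if v[:2] != lo_t[:2]:
            continue  # different major.minor branch
        fix_t = parse_version(fix) if fix else None
        if fix_t and padded_cmp(v, fix_t) >= 0:
            return ("fixed", fix)  # at or beyond the release that introduced the fix
        # Affected if at/after the first affected release and within the last affected one;
        # the prefix match means 16.1.2.1 still counts as a 16.1.2 build.
        if padded_cmp(v, lo_t) >= 0 and v[:len(hi_t)] <= hi_t:
            return ("affected", fix) if fix else ("will_not_fix", None)
        return ("not_listed", None)
    return ("not_listed", None)

def triage(inventory):
    """Map each (device name, version) pair in a constructed inventory to its status."""
    return {name: assess(ver) for name, ver in inventory}
```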
Mitigation
If you are unable to immediately patch, you can use the following methods as temporary mitigations. These mitigations restrict access to iControl REST to only trusted networks or devices, thereby limiting the attack surface.
- Block iControl REST access through the self IP address
- Block iControl REST access through the management interface
- Modify the BIG-IP httpd configuration
More information on these mitigation techniques can be found at the link below in Vendor Resources.
Vendor Resources