05.05.2022

F5 BIG-IP Vulnerability

Alert

Date of Notice: 05/05/2022

Action Level – Critical

Description

MCNC would like to alert you to a new vulnerability affecting F5 BIG-IP devices. The vulnerability could allow undisclosed requests to bypass iControl REST authentication.

An unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses may be able to execute arbitrary system commands, create or delete files, or disable services.

Due to the critical impact of this vulnerability, immediate patching is recommended.

Affected Products | Fixes introduced in
BIG-IP versions 16.1.0 to 16.1.2 | 16.1.2.2
BIG-IP versions 15.1.0 to 15.1.5 | 15.1.5.1
BIG-IP versions 14.1.0 to 14.1.4 | 14.1.4.6
BIG-IP versions 13.1.0 to 13.1.4 | 13.1.5
BIG-IP versions 12.1.0 to 12.1.6 | Will not fix
BIG-IP versions 11.6.1 to 11.6.5 | Will not fix

Attack Vector

An unauthenticated, remote attacker with network access to the BIG-IP system.

Remediation

If you are running a version listed above in Affected Products, you can remediate this vulnerability by installing a fixed version.
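
To decide which devices need the fixed version, the version table above can be applied to an inventory. The following is an added example, not part of the original MCNC or F5 material; the host names are constructed, and it assumes that any build in an affected branch that is older than the listed fix (for example a point release between 16.1.2 and 16.1.2.2) is still affected.

```python
"""Triage BIG-IP versions against the Affected Products table in this notice."""

# (first affected, last affected, fixed version or None for "Will not fix"),
# copied from the table above.
TABLE = [
    ("16.1.0", "16.1.2", "16.1.2.2"),
    ("15.1.0", "15.1.5", "15.1.5.1"),
    ("14.1.0", "14.1.4", "14.1.4.6"),
    ("13.1.0", "13.1.4", "13.1.5"),
    ("12.1.0", "12.1.6", None),
    ("11.6.1", "11.6.5", None),
]

def parse(version, width=4):
    """'16.1.2' -> (16, 1, 2, 0); raises ValueError on non-numeric parts."""
    parts = tuple(int(p) for p in version.strip().split("."))
    return parts + (0,) * (width - len(parts))

def triage(version):
    """Return (status, action) for one version string."""
    v = parse(version)
    for first, last, fixed in TABLE:
        lo = parse(first)
        if v[:2] != lo[:2] or v < lo:
            continue  # different branch, or older than the listed range
        if fixed is None:
            if v[:3] <= parse(last)[:3]:
                return ("affected", "no fix planned: move to a fixed branch or mitigate")
        elif v < parse(fixed):
            # Assumption: builds below the fixed version are still affected.
            return ("affected", "upgrade to %s or later" % fixed)
        else:
            return ("fixed", "none")
    return ("not listed", "check the vendor advisory")

def report(inventory):
    """inventory: {host: version}. Affected hosts are sorted first."""
    rows = [(host, ver) + triage(ver) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (r[2] != "affected", r[0]))

if __name__ == "__main__":
    # Constructed sample inventory; host names are placeholders.
    sample = {"lb-edge-01": "16.1.2.1", "lb-edge-02": "16.1.2.2",
              "lb-core-01": "13.1.4.1", "lb-legacy": "12.1.6",
              "lb-lab": "17.0.0"}
    for host, ver, status, action in report(sample):
        print("%-11s %-9s %-10s %s" % (host, ver, status, action))
```

Versions reported as "not listed" are outside the ranges in this notice and need to be checked against the vendor advisory rather than assumed safe.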

Mitigation

If you are unable to immediately patch, you can use the following methods as temporary mitigations. These mitigations restrict access to iControl REST to only trusted networks or devices, thereby limiting the attack surface.

  • Block iControl REST access through the self IP address
  • Block iControl REST access through the management interface
  • Modify the BIG-IP httpd configuration

More information on these mitigation techniques can be found at the link below in Vendor Resources.

Vendor Resources
