F5 BIG-IP Multiple Vulnerabilities

Release Date: 26 Aug 2021 6572 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

Multiple vulnerabilities were identified in F5 BIG-IP, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, spoofing, remote code execution, sensitive information disclosure, data manipulation, cross-site scripting and security restriction bypass on the targeted system.

Impact

  • Cross-Site Scripting
  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing
  • Data Manipulation

System / Technologies affected

BIG-IP Advanced WAF and ASM systems

 

BIG-IP SSL Profile OCSP

 

BIG-IP (Guided Configuration)

  • version 7.0
  • version 6.0
  • version 5.0
  • version 4.1
  • version 3

 

BIG-IP (APM)

  • version 11.6.1 - 11.6.5
  • version 12.1.0 - 12.1.6
  • version 13.1.0 - 13.1.4
  • version 14.1.0 - 14.1.4
  • version 15.1.0 - 15.1.3
  • version 16.0.0 - 16.0.1

 

BIG-IP (all modules)

  • version 11.6.1 - 11.6.5
  • version 12.1.0 - 12.1.6
  • version 13.1.0 - 13.1.4
  • version 14.1.0 - 14.1.4
  • version 15.1.0 - 15.1.3
  • version 16.0.0 - 16.0.1

 

BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO)

  • version 12.1.0 - 12.1.6
  • version 13.1.0 - 13.1.4
  • version 14.1.0 - 14.1.4
  • version 15.1.0 - 15.1.3
  • version 16.0.0 - 16.0.1

 

BIG-IP (DNS)

  • version 12.1.0 - 12.1.6
  • version 13.1.0 - 13.1.4
  • version 14.1.0 - 14.1.4
  • version 15.1.0 - 15.1.3
  • version 16.0.0 - 16.0.1

 

BIG-IP AFM

  • version 12.1.0 - 12.1.6
  • version 13.1.0 - 13.1.3
  • version 14.1.0 - 14.1.4
  • version 15.1.0 - 15.1.2
  • version 16.0.0 - 16.0.1

 

BIG-IP (DataSafe)

  • version 16.0.0 - 16.0.1

 

BIG-IP (Advanced WAF, ASM)

  • version 11.6.1 - 11.6.5
  • version 12.1.0 - 12.1.6
  • version 13.1.0 - 13.1.4
  • version 14.1.0 - 14.1.4.1
  • version 15.1.0 - 15.1.3
  • version 16.0.0 - 16.0.1

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Related Link

Related Tags

F5Denial of ServiceCross Site ScriptingSecurity Restriction BypassRemote Code ExecutionData ManipulationInformation DisclosureSpoofing

Share with

Previous

Cisco Products Multiple Vulnerabilities

26 Aug 2021 5305 Views

Next

NetApp Products Multiple Vulnerabilities

30 Aug 2021 5096 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY