F5 Products Multiple Vulnerabilities
RISK: High Risk
TYPE: Operating Systems - Networks OS
Multiple vulnerabilities were identified in F5 Products. A remote attacker could exploit some of these vulnerabilities to trigger a denial of service condition on the targeted system.
Note:
No patch is currently available for CVE-2022-43680 for some of the affected products.
No patch is currently available for CVE-2023-38709 for the affected products.
Impact
- Denial of Service
System / Technologies affected
BIG-IP (all modules)
- 15.1.0 - 15.1.10
- 16.1.0 - 16.1.4
- 17.1.0 - 17.1.1
BIG-IP (Advanced WAF/ASM)
- 15.1.0 - 15.1.10
- 16.1.0 - 16.1.4
- 17.1.0 - 17.1.1
BIG-IQ Centralized Management
- 8.1.0 - 8.3.0
Traffix SDC
- 5.1.0
- 5.2.0
F5OS-A
- 1.5.1 - 1.5.2
- 1.7.0
F5OS-C
- 1.6.0 - 1.6.2
Solutions
Before installing the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
Apply workarounds issued by the vendor:
Workaround:
Reduce exposure to attacks exploiting CVE-2022-43680 by applying the following workarounds:
BIG-IP Advanced WAF/ASM
- Do not write any custom scripts or tools using Expat.
BIG-IQ, F5OS-C/A
- Restrict access to known-good source IP addresses, and allow access to only trusted users.
Reduce exposure to attacks exploiting CVE-2023-38709 by applying the following workarounds:
BIG-IP
- Block Configuration utility access through self IP addresses and the management interface.
F5OS
- Permit management access to F5OS only over a secure network and restrict access to only trusted users.
Vulnerability Identifier
Source
Related Link