Skip to main content

F5 BIG-IP Multiple Vulnerabilities

Release Date: 26 Aug 2021 5517 Views

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

Multiple vulnerabilities were identified in F5 BIG-IP, a remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, spoofing, remote code execution, sensitive information disclosure, data manipulation, cross-site scripting and security restriction bypass on the targeted system.


Impact

  • Cross-Site Scripting
  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure
  • Spoofing
  • Data Manipulation

System / Technologies affected

BIG-IP Advanced WAF and ASM systems

 

BIG-IP SSL Profile OCSP

 

BIG-IP (Guided Configuration)

  • version 7.0
  • version 6.0
  • version 5.0
  • version 4.1
  • version 3

 

BIG-IP (APM)

  • version 11.6.1 - 11.6.5
  • version 12.1.0 - 12.1.6
  • version 13.1.0 - 13.1.4
  • version 14.1.0 - 14.1.4
  • version 15.1.0 - 15.1.3
  • version 16.0.0 - 16.0.1

 

BIG-IP (all modules)

  • version 11.6.1 - 11.6.5
  • version 12.1.0 - 12.1.6
  • version 13.1.0 - 13.1.4
  • version 14.1.0 - 14.1.4
  • version 15.1.0 - 15.1.3
  • version 16.0.0 - 16.0.1

 

BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO)

  • version 12.1.0 - 12.1.6
  • version 13.1.0 - 13.1.4
  • version 14.1.0 - 14.1.4
  • version 15.1.0 - 15.1.3
  • version 16.0.0 - 16.0.1

 

BIG-IP (DNS)

  • version 12.1.0 - 12.1.6
  • version 13.1.0 - 13.1.4
  • version 14.1.0 - 14.1.4
  • version 15.1.0 - 15.1.3
  • version 16.0.0 - 16.0.1

 

BIG-IP AFM

  • version 12.1.0 - 12.1.6
  • version 13.1.0 - 13.1.3
  • version 14.1.0 - 14.1.4
  • version 15.1.0 - 15.1.2
  • version 16.0.0 - 16.0.1

 

BIG-IP (DataSafe)

  • version 16.0.0 - 16.0.1

 

BIG-IP (Advanced WAF, ASM)

  • version 11.6.1 - 11.6.5
  • version 12.1.0 - 12.1.6
  • version 13.1.0 - 13.1.4
  • version 14.1.0 - 14.1.4.1
  • version 15.1.0 - 15.1.3
  • version 16.0.0 - 16.0.1

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:


Vulnerability Identifier


Source


Related Link