    On March 10, F5 Networks announced information about 7 vulnerabilities in its BIG-IP (and BIG-IQ) platform. Immediate upgrade is recommended for affected systems.

    On March 10, F5 Networks published K02566623, which disclosed several vulnerabilities in BIG-IP (all modules), BIG-IP Advanced WAF / ASM and BIG-IQ. Four of the disclosed vulnerabilities are of critical severity. CVE-2021-22986 and CVE-2021-22987 (CVSS 9.8 and CVSS 9.9, respectively) are vulnerabilities in the control plane for both the iControl REST interface and the Traffic Management User Interface (TMUI).

    | CVE | Severity | CVSS score | Affected products | Affected versions | Fixed versions | Appliance mode / Non-Appliance mode | Control plane / Data plane |
    |---|---|---|---|---|---|---|---|
    | CVE-2021-22986 | Critical | 9.8 | BIG-IP (All modules) | 16.0.0-16.0.1, 15.1.0-15.1.2, 14.1.0-14.1.3.1, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2 | 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3 | Both | Control plane - iControl REST |
    | CVE-2021-22986 | Critical | 9.8 | BIG-IQ | 7.1.0-7.1.0.2, 7.0.0-7.0.0.1, 6.0.0-6.1.0 | 8.0.0, 7.1.0.3, 7.0.0.2 | N/A | Control plane - iControl REST |
    | CVE-2021-22987 | Critical | 9.9 | BIG-IP (All modules) | 16.0.0-16.0.1, 15.1.0-15.1.2, 14.1.0-14.1.3.1, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2 | 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, 11.6.5.3 | Appliance mode | Control plane - TMUI |
    | CVE-2021-22988 | High | 8.8 | BIG-IP (All Modules) | 16.0.0-16.0.1, 15.1.0-15.1.2, 14.1.0-14.1.3.1, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2 | 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, 11.6.5.3 | Non-Appliance mode | Control plane - TMUI |
    | CVE-2021-22989 | High | 8.0 | BIG-IP Advanced WAF/ASM | 16.0.0-16.0.1, 15.1.0-15.1.2, 14.1.0-14.1.3.1, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2 | 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, 11.6.5.3 | Appliance mode | Control plane - TMUI |
    | CVE-2021-22990 | Medium | 6.6 | BIG-IP Advanced WAF/ASM | 16.0.0-16.0.1, 15.1.0-15.1.2, 14.1.0-14.1.3.1, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2 | 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, 11.6.5.3 | Non-Appliance mode | Control plane - TMUI |
    | CVE-2021-22991 | Critical | 9.0 | BIG-IP (All Modules)¹ | 16.0.0-16.0.1, 15.1.0-15.1.2, 14.1.0-14.1.3.1, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2 | 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3 | Both | Data plane |
    | CVE-2021-22992 | Critical | 9.0 | BIG-IP Advanced WAF/ASM | 16.0.0-16.0.1, 15.1.0-15.1.2, 14.1.0-14.1.3.1, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, 11.6.1-11.6.5.2 | 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, 11.6.5.3 | Both | Data plane |

    Mitigation

    Update
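
To decide which BIG-IP systems need the update, installed versions can be matched against the ranges in the table. The following is an added example, not part of the original advisory or any F5 tooling; `check_bigip`, `asm_provisioned` and the inventory entries are hypothetical, the pairing of each affected range with a fixed version by branch is an assumption, and BIG-IQ and the appliance-mode column are not modelled.

```python
# Added example. Ranges and fixed versions are copied from the table above;
# pairing each range with a fixed version by branch is an assumption.

def parse(version):
    """'14.1.3.1' -> (14, 1, 3, 1); padded to four numeric fields."""
    parts = [int(p) for p in version.strip().split(".")][:4]
    return tuple(parts + [0] * (4 - len(parts)))

COMMON = [  # (first affected, last affected, fixed)
    ("16.0.0", "16.0.1", "16.0.1.1"),
    ("15.1.0", "15.1.2", "15.1.2.1"),
    ("14.1.0", "14.1.3.1", "14.1.4"),
    ("13.1.0", "13.1.3.5", "13.1.3.6"),
    ("12.1.0", "12.1.5.2", "12.1.5.3"),
]
WITH_11_6 = COMMON + [("11.6.1", "11.6.5.2", "11.6.5.3")]

# CVE -> (ranges, True when only Advanced WAF/ASM is listed as affected)
BIGIP_CVES = {
    "CVE-2021-22986": (COMMON, False),
    "CVE-2021-22987": (WITH_11_6, False),
    "CVE-2021-22988": (WITH_11_6, False),
    "CVE-2021-22989": (WITH_11_6, True),
    "CVE-2021-22990": (WITH_11_6, True),
    "CVE-2021-22991": (COMMON, False),
    "CVE-2021-22992": (WITH_11_6, True),
}

def check_bigip(version, asm_provisioned=False):
    """Return {cve: fixed_version} for each listed range containing version.

    An empty result means the version is outside the ranges in this table,
    not that the release has been assessed as unaffected.
    """
    v = parse(version)
    hits = {}
    for cve, (ranges, asm_only) in BIGIP_CVES.items():
        if asm_only and not asm_provisioned:
            continue
        for low, high, fixed in ranges:
            if parse(low) <= v <= parse(high):
                hits[cve] = fixed
    return hits

if __name__ == "__main__":
    # Constructed inventory: (hostname, version, ASM provisioned)
    inventory = [("lb-edge-01", "14.1.3.1", True), ("lb-int-02", "11.6.5", False),
                 ("lb-dmz-03", "15.1.2.1", True)]
    for host, version, asm in inventory:
        hits = check_bigip(version, asm)
        print(host, version, "upgrade to", sorted(set(hits.values())), sorted(hits))
```

Versions are compared as numeric tuples, so 14.1.3.1 sorts below 14.1.4 and 16.0.1 is treated the same as 16.0.1.0.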

    References

    https://support.f5.com/csp/article/K02566623

    CONTACT NETSECURITY

    If you need help verifying whether you are vulnerable, have already been attacked, or need help securing your system, see https://www.netsecurity.no/under-angrep
