
F5 BIG-IQ & BIG-IP Vulnerabilities 

24 March 2021 | 4 May 2021

Twenty-one vulnerabilities were discovered in F5 BIG-IQ and BIG-IP devices, including four critical remote code execution (RCE) CVEs that are actively exploited by malicious actors.

  • CVE-2021-22986 : The iControl REST interface enables unauthenticated remote command execution

A proof-of-concept exploit has been released for this vulnerability, which increases exposure and makes targeting by threat actors easier.

  • CVE-2021-22987 : When running in Appliance mode, the Traffic Management User Interface (TMUI) has an authenticated remote command execution vulnerability in undisclosed pages.
  • CVE-2021-22991 : The Traffic Management Microkernel (TMM) may incorrectly handle undisclosed requests, which can result in a buffer overflow or be used for remote code execution (RCE) or a bypass of URL-based access control.
  • CVE-2021-22992 : A malicious HTTP response to Advanced WAF/BIG-IP ASM can result in a buffer overflow or be used for remote code execution (RCE).

Previous incidents : In July 2020, two vulnerabilities, CVE-2020-5902 and CVE-2020-5903, were discovered in F5 devices. The former was exploited only a day after it was found. Since then, updates and an IoC detection tool have been released. This vulnerability was actively used by many threat actors. This precedent underlines the urgency of patching devices as soon as possible.

RECOMMENDED SOLUTION
  • F5 encourages users to update BIG-IP and BIG-IQ systems using the dedicated guide.
  • F5 support also provides a detailed overview of the uncovered CVEs and their respective updates.
  • F5 iHealth can be used to diagnose vulnerabilities.
POSSIBLE MITIGATION
  • Restrict access to the iControl REST API from Self-IPs and authorize only trusted devices. 
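
An added example (not F5's code and not part of the original advisory): a small Python audit that reads self-IP stanzas and lists the ones whose Port Lockdown (`allow-service`) setting still leaves TCP 443, and with it iControl REST, reachable. The stanza layout, the sample names and addresses, and the treatment of the `default` list as including tcp:443 are assumptions; check them against your own `tmsh list net self` output.

```python
# Constructed sample in the stanza style of `tmsh list net self` (assumed format).
SAMPLE = """
net self external_self {
    address 203.0.113.10/24
    allow-service {
        default
    }
}
net self internal_self {
    address 10.0.0.10/24
    allow-service {
        tcp:ssh
        tcp:https
    }
}
net self ha_self { address 192.0.2.10/24 }
net self dmz_self { address 198.51.100.10/24 allow-service all }
"""

# Entries that leave TCP 443 (HTTPS, where iControl REST is served) reachable.
# Assumption: the "default" Port Lockdown list includes tcp:443.
EXPOSING = {"all", "default", "tcp:443", "tcp:https"}

def parse_self_ips(text):
    """Return {self_ip_name: [allow-service entries]}; no setting -> []."""
    toks, result, i = text.split(), {}, 0
    while i < len(toks):
        if toks[i:i + 2] == ["net", "self"] and toks[i + 3:i + 4] == ["{"]:
            name, i, services = toks[i + 2], i + 4, []
            while i < len(toks) and toks[i] != "}":
                if toks[i] == "allow-service" and i + 1 < len(toks):
                    if toks[i + 1] == "{":           # explicit list form
                        end = toks.index("}", i)
                        services, i = toks[i + 2:end], end
                    else:                            # single keyword form
                        services, i = [toks[i + 1]], i + 1
                i += 1
            result[name] = services
        i += 1
    return result

def exposed_self_ips(text):
    """Names of self IPs whose Port Lockdown leaves TCP 443 reachable."""
    return sorted(name for name, svcs in parse_self_ips(text).items()
                  if EXPOSING & set(svcs))

if __name__ == "__main__":
    print(exposed_self_ips(SAMPLE))
```

Self IPs reported by the script are the ones to tighten first; a self IP with no `allow-service` entry is treated as allowing nothing.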

For more information, refer to the F5 dedicated support page for solutions to mitigate and defend your devices.

Sources : F5 website, CERT-FR, Bleeping Computer, Recorded Future