Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP!

Application security company F5 Networks on Wednesday published an advisory warning of four critical vulnerabilities impacting multiple products that could result in a denial of service (DoS) attack and even unauthenticated remote code execution on target networks.

The patches concern a total of seven related flaws (from CVE-2021-22986 through CVE-2021-22992), two of which were discovered and reported by Felix Wilhelm of Google Project Zero in December 2020.

The four critical flaws affect BIG-IP versions 11.6 or 12.x and newer, with a critical pre-auth remote code execution (CVE-2021-22986) also affecting BIG-IQ versions 6.x and 7.x. F5 said it’s not aware of any public exploitation of these issues.

Successful exploitation of these vulnerabilities could lead to a full compromise of vulnerable systems, including the possibility of remote code execution as well as trigger a buffer overflow, leading to a DoS attack.

Urging customers to update their BIG-IP and BIG-IQ deployments to a…

Exit mobile version