(High) F5 iControl / BIG-IP SOAP vulnerability
Date of Notice: 02/06/2023
Action Level - High
F5 has released information about a vulnerability impacting currently supported versions of BIG-IP. This vulnerability could allow an authenticated attacker to cause a denial-of-service on F5 processes or potentially execute arbitrary code.
- BIG-IP (all modules)
- 18.104.22.168 - 16.1.3
- 22.214.171.124 - 15.1.8
- 126.96.36.199 - 14.1.5
Exploitation requires an authenticated attacker with network access to the BIG-IP management port and/or self IP addresses.
F5 has not noted any suspected exploitation of this vulnerability by attackers.
Following best practices to secure access to the management interface and self IP addresses is recommended and can help minimize the attack surface.
There are currently no fixed releases available for any supported versions. An engineering hotfix to address the vulnerability is available. Hotfixes often do not undergo the same level of QA assessment as official releases, so the risk this vulnerability poses to your environment should be weighed against the risk of applying the hotfix.