02.06.2023

(High) F5 | Control / BigIP SOAP vulnerability

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 02/06/2023

Action Level - High

Description

F5 has released information about a vulnerability impacting currently supported versions of BIG-IP. This vulnerability could allow an authenticated attacker to cause a denial-of-service on F5 processes or potentially execute arbitrary code.

Affected Devices

  • BIG-IP (all modules)
    • 17.0.0
    • 16.1.2.2 - 16.1.3
    • 15.1.5.1 - 15.1.8
    • 14.1.4.6 -  14.1.5
    • 13.1.5

Attack Vector

An authenticated attacker with network access to the BIG-IP management port and/or self IP addresses. 

Attack Feasibility

F5 has not noted any suspected exploitation of this vulnerability by attackers.

Mitigations

Following best practices to secure access to the management interface and self IP addresses is recommended and can help minimize the attack surface.

Remediation

There are currently no fixed releases available for any supported versions. An engineering hotfix to address the vulnerability is available. Hotfixes often do not undergo the same level of QA assessment as official releases, so the risk this vulnerability poses to your environment should be weighed against the risk of applying the hotfix.

Vendor Resources

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • twitter
  • facebook
  • youtube
© 2024 MCNC