01.21.2022

Multiple F5 Vulnerabilities Affecting all Modules of F5 Products

MCNC Admin Avatar
By MCNC Admin
Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 01/21/2022

Action Level - High to Medium

Description

F5 recently released patches for v14, v15, and v16 of their Big-IP products as well as NGINX Controller API Management v3.18.0 - v3.19.0. F5 has these published in K40084114. It is recommended that you review F5’s KB to determine your impact, these vulnerabilities are wide ranging and affect various versions of LTM, APM, ASM specifically, with some vulnerabilities affecting all modules. The vulnerabilities tend to cause a reboot of TMM which can result in a denial of service in most cases, memory leaks in others, and certain ones can permit the ability to inject traffic into a given flow.

Affected Devices (Various)

  • Big-IP V11-16
    • Fixes available for V14 - V16

  • Big-IP All Modules
  • Big-IQ Centralized Management
  • DNS/GTM
  • APM
  • AFM
  • WAF
  • ASM
  • NGINX Controller API Management
  • NGINX App Protect

Mitigation

  • In multiple scenarios the attack causes TMM to reboot, stopping the passing of traffic. A HA setup can mitigate impact caused by these reboots
  • Certain attacks could cause excessive memory usage, impacting operation. A HA setup can mitigate this impact and alerting can give early warning to permit a reboot to clear the memory bloat.
  • Certain attacks require an authenticated user, ensure only trusted users have accounts and only restrict access via network controls. Don’t copy/paste commands that you aren’t able to understand into the device.
  • While these attacks require specific settings to be present, it is advised against removing these settings as a means of mitigation due to the often required presence. If unsure of what a given profile does, don’t remove it.

Remediation

  • Review the F5 KB and upgrade to the recommended software version.

Collected Links

F5 Page detailing all vulnerabilities, affected software/hardware, and remediated versions of software.

F5 Big-IP Upgrade Guide

<-- Return to Cybersecurity Alerts...

MCNC Admin
MCNC Admin
MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Uslinkedintwitterfacebookyoutube
© 2022 MCNC