F5 BIG-IP & BIG-IQ Vulnerabilities

Released: Mar 25, 2021


Severity: Critical

Vendor: F5

Attack Type: Vulnerability


Critical Bug Allowing Remote Code Execution

The 2 most critical vulnerabilities allow a remote attacker with access to the user interface (or REST API via the user interface) to gain full control of the system and execute arbitrary system commands, create or delete files, and disable services. The most critical is unauthenticated. Exploitation can lead to complete system compromise. The U.S. Cybersecurity and Infrastructure Agency (CISA) has urged companies using BIG-IP and BIG-IQ to fix the critical F5 flaws.

Common Vulnerabilities and Exposures

CVE-2021-22986
CVE-2021-22987
CVE-2021-22991
CVE-2021-22992

Background

These are “in the wild” vulnerabilities in existing software. Refer to the versions listed by F5 to determine whether the versions you are running are impacted. Details for the 2 most critical vulnerabilities can be found in the tables in these articles:
https://support.f5.com/csp/article/K18132488

https://support.f5.com/csp/article/K03009991

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.


On March 10, F5 announced several vulnerabilities and strongly urged customers to upgrade:
https://www.f5.com/services/support/March2021_Vulnerabilities


On March 20, multiple stories reported the F5 vulnerabilities as being under “active attack”. FortiGuard IPS protects against 3 of the 4 critical CVEs identified (the 4th being 22987, which requires authentication). The FortiGuard Labs Threat Signal Report is available from:
https://www.fortiguard.com/threat-signal-report/3891

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.


PROTECT
  • IPS

DETECT
  • Outbreak Detection

  • Threat Hunting

RESPOND
  • Assisted Response Services

  • Automated Response

RECOVER
  • NOC/SOC Training

  • End-User Training

IDENTIFY
  • Attack Surface Hardening
