Original Issue Date September 01, 2021
Severity Rating HIGH
Software Affected
F5 BIG-IP (all modules) versions 11.x, 12.x, 13.x, 14.x, 15.x, 16.x
F5 BIG-IQ versions 6.x, 7.x, 8.x
F5 BIG-IP (Advanced WAF, ASM) versions 11.x, 12.x, 13.x, 14.x, 15.x, 16.x
F5 BIG-IP (DNS) versions 12.x, 13.x, 14.x, 15.x, 16.x
F5 BIG-IP (Advanced WAF, ASM, DataSafe) version 16.x
Overview
Multiple vulnerabilities have been reported in F5 BIG-IP and BIG-IQ modules which could be exploited by an attacker to execute arbitrary code or cause a denial-of-service (DoS) condition on the targeted system.
Description
These vulnerabilities exist in multiple F5 BIG-IP modules and include an authenticated remote command execution flaw, a flaw in the WebSocket profile configuration, cross-site request forgery (CSRF) through iControl SOAP, cross-site scripting (XSS), server-side request forgery (SSRF), insufficient permission checks, and privilege escalation in the BIG-IP Advanced WAF and ASM Traffic Management User Interface (TMUI).
Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service (DoS) condition on the targeted system.
Solution
Upgrade to the fixed versions listed in F5's advisory for each affected branch.
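To act on the Software Affected list and the upgrade advice above, an operator first needs the product and version of each device and a comparison against the affected branches. The script below is an added example, not part of this advisory and not F5 tooling: it reads the product and version either from `tmsh show sys version` text or from the JSON returned by the iControl REST endpoint `/mgmt/tm/sys/version`, checks whether the major version falls in a branch this advisory lists as affected (BIG-IP 11.x to 16.x, BIG-IQ 6.x to 8.x), and compares it with a fixed-version table. The sample `tmsh` output and REST payload are constructed, the `entries`/`nestedStats` JSON layout is an assumption about the REST response, and the `EXAMPLE_FIXED` table holds hypothetical placeholder versions that must be replaced with the fixed versions from F5's advisory before the result means anything.

```python
import json
import re

# Major-version branches this advisory lists as affected.
AFFECTED_MAJORS = {
    "BIG-IP": range(11, 17),  # 11.x through 16.x
    "BIG-IQ": range(6, 9),    # 6.x through 8.x
}


def parse_version(text):
    """Turn a version such as '15.1.2.1' into a comparable 4-tuple of ints.
    Shorter strings ('16.1') are right-padded with zeros."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))[:4]


def from_tmsh(output):
    """Extract (product, version) from 'tmsh show sys version' text."""
    product = re.search(r"^\s*Product\s+(\S+)", output, re.M)
    version = re.search(r"^\s*Version\s+(\S+)", output, re.M)
    if not product or not version:
        raise ValueError("no Product/Version lines found in tmsh output")
    return product.group(1), version.group(1)


def from_icontrol_rest(payload):
    """Extract (product, version) from the JSON body of
    GET /mgmt/tm/sys/version (iControl REST).
    ASSUMPTION: the entries -> nestedStats -> entries layout used in
    SAMPLE_REST below; adjust if your device answers differently."""
    data = json.loads(payload)
    first = next(iter(data["entries"].values()))
    stats = first["nestedStats"]["entries"]
    return stats["Product"]["description"], stats["Version"]["description"]


def assess(product, version, fixed_table):
    """Classify one device against the advisory.

    fixed_table maps (product, major) -> minimum fixed version string and
    must be filled in from F5's advisory.
    Returns 'not-in-scope', 'fixed', 'affected' or 'fix-unknown'.
    """
    v = parse_version(version)
    if v[0] not in AFFECTED_MAJORS.get(product, ()):
        return "not-in-scope"
    fixed = fixed_table.get((product, v[0]))
    if fixed is None:
        return "fix-unknown"
    return "fixed" if v >= parse_version(fixed) else "affected"


# Constructed sample of 'tmsh show sys version' output (not from a real device).
SAMPLE_TMSH = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     15.1.2.1
  Build       0.0.10
  Edition     Point Release 1
"""

# Constructed sample of an iControl REST /mgmt/tm/sys/version response.
SAMPLE_REST = json.dumps({
    "kind": "tm:sys:version:versionstats",
    "entries": {
        "https://localhost/mgmt/tm/sys/version/0": {
            "nestedStats": {
                "entries": {
                    "Product": {"description": "BIG-IQ"},
                    "Version": {"description": "8.0.0"},
                }
            }
        }
    },
})

# HYPOTHETICAL placeholder table for demonstration only. Replace every entry
# with the fixed versions listed in F5's advisory before relying on it.
EXAMPLE_FIXED = {
    ("BIG-IP", 15): "15.1.99",
    ("BIG-IQ", 8): "8.0.99",
}

if __name__ == "__main__":
    for product, version in (from_tmsh(SAMPLE_TMSH),
                             from_icontrol_rest(SAMPLE_REST)):
        print(product, version, assess(product, version, EXAMPLE_FIXED))
```

Run it against real `tmsh` output or a saved REST response; a result of `fix-unknown` means the device is in an affected branch but you have not yet entered F5's fixed version for that branch, which is a prompt to look it up, not a clean bill of health.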