Advisory Type: IT Security
Severity: Critical
Summary:
PDS is providing the following communication to build awareness of a critical vulnerability and patches in F5 BIG-IP products.
On June 30, 2020 F5 posted K52145254 disclosing that a critical vulnerability exists in the BIG-IP Traffic Management User Interface (TMUI). F5 has confirmed reports that the vulnerability is being actively exploited. The vulnerability can allow attackers unauthenticated access to run arbitrary system commands. This issue impacts only the control plane of the F5 system, data plane functionality is not affected. Note, BIG-IQ Management and Traffix SDC products are not vulnerable.
The affected product versions and patched versions are:
| Product | Version | Upgrade to |
| BIG-IP | 16.x | 16.0.0 |
| 15.x | 15.1.0.4 | |
| 14.x | 14.1.2.6 | |
| 13.x | 13.1.3.4 | |
| 12.x | 12.1.5.2 | |
| 11.x | 11.6.5.2 |
We strongly advise customers to review the F5 advisory and upgrade their environments. PDS Architects are available to assist with the upgrades, your Account Director can assist in arranging for this upgrade support.
