Vulnerabilities in F5 BIG-IP

PDS Cyber Security Advisory:
Advisory Regarding Vulnerabilities in F5 BIG-IP

Advisory Type: IT Security
Severity: Critical
Summary: PDS is providing the following communication to build awareness of a critical vulnerability and patches in F5 BIG-IP products.

On March 10, 2021 F5 posted a vulnerability bulletin disclosing that 4 critical, and a total of seven, vulnerabilities exist in the BIG-IP and BIG-IQ systems. K02566623 details the following vulnerabilities:

• K03009991: iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986 A critical vulnerability in the iControl REST interface allows an unauthenticated remote command execution vulnerability condition.
• K18132488: Appliance Mode TMUI authenticated remote command execution vulnerability CVE-2021-22987 A critical vulnerability in the TMUI (running in appliance mode) allows an authenticated remote code execution condition.
• K70031188: TMUI authenticated remote command execution vulnerability CVE-2021-22988 A high severity vulnerability in the TMUI allows an authenticated remote code execution condition.
• K56142644: Appliance mode Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22989 A high severity vulnerability in the TMUI (running in appliance mode with Advanced WAF or ASM provisioned) allows an authenticated remote code execution condition.
• K45056101: Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22990 A medium severity vulnerability in the TMUI (with Advanced WAF or ASM provisioned) allows an authenticated remote code execution condition.
• K56715231: TMM buffer-overflow vulnerability CVE-2021-22991 A critical vulnerability exists where requests to a virtual server may be handled by the URI normalization process, triggering a buffer overflow, resulting in a DoS condition or the possible bypass of URL access controls or a remote code execution condition.
• K52510511: Advanced WAF/ASM buffer-overflow vulnerability CVE-2021-22992 A critical vulnerability exists within the Advanced WAF/ASM where a virtual server containing a Login Page may trigger a buffer overflow, resulting in a DoS condition or a possible remote code execution condition, leading to complete system compromise.

The affected product versions and patched versions are:

We strongly advise customers to review the F5 advisory and upgrade their environments. PDS Architects are available to assist with the upgrades, your Account Director can assist in arranging for this upgrade support.