U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

F5 addressed a flaw in BIG-IP devices rated as critical severity under specific conditions

F5 has addressed more than a dozen severe vulnerabilities in its BIG-IP networking device, including one rated as critical severity under specific conditions. Security vendor F5 has addressed more than a dozen high-severity vulnerabilities in its BIG-IP networking device, including an issue that was considered as critical severity when exploited under specific conditions. The flaw, […]

NGINX F5 BIG-IP NGINX

F5 has addressed more than a dozen severe vulnerabilities in its BIG-IP networking device, including one rated as critical severity under specific conditions.

Security vendor F5 has addressed more than a dozen high-severity vulnerabilities in its BIG-IP networking device, including an issue that was considered as critical severity when exploited under specific conditions.

The flaw, tracked as CVE-2021-23031, is a privilege escalation issue on BIG-IP Advanced Web Application Firewall (WAF) and Application Security Manager (ASM) Traffic Management User Interface (TMUI).

An authenticated attacker with access to the Configuration utility can trigger the flaw to execute arbitrary system commands, create or delete files, and/or disable services. The issue could allow an attacker to completely compromise the network device.

The flaw received a severity score of 8.8, but according to the security advisory, for customers using the Appliance Mode, which applies some technical restrictions, the severity score raises to 9.9 out of 10.

According to the security advisory for CVE-2021-23031, only a limited number of customers are impacted by the issue in a critical mode.

“When this vulnerability is exploited, an authenticated attacker with access to the Configuration utility can execute arbitrary system commands, create or delete files, and/or disable services. This vulnerability may result in complete system compromise.” reads the advisory. “The limited number of customers using Appliance mode have Scope: Changed, which raises the CVSSv3 score to 9.9. For information about Appliance mode, refer to K12815: Overview of Appliance mode.”

The vendor recommends updating the device, where it is not possible admins should limit access to the Configuration utility only to completely trusted users.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also released a security advisory encouraging users and administrators to review the F5 security advisory and install updated software or apply the necessary mitigations as soon as possible.

F5 addressed high-severity 30 vulnerabilities in multiple products, they include authenticated remote command execution flaws, cross-site scripting (XSS) issues, request forgery bugs, along insufficient permission and denial-of-service flaws.

The flaws received a severity score between 7.2 and 7.5. Below is the list of issues fixed by the vendor:

CVE / Bug IDSeverityCVSS scoreAffected productsAffected versionsFixes introduced in
CVE-2021-23025High7.2BIG-IP (all modules)15.0.0 – 15.1.0
14.1.0 – 14.1.3
13.1.0 – 13.1.3
12.1.0 – 12.1.6
11.6.1 – 11.6.5
16.0.0
15.1.0.5
14.1.3.1
13.1.3.5
CVE-2021-23026High7.5BIG-IP (all modules)16.0.0 – 16.0.1
15.1.0 – 15.1.2
14.1.0 – 14.1.4
13.1.0 – 13.1.4
12.1.0 – 12.1.6
11.6.1 – 11.6.5
16.1.0
16.0.1.2
15.1.3
14.1.4.2
13.1.4.1
BIG-IQ8.0.0 – 8.1.0 
7.0.0 – 7.1.0
6.0.0 – 6.1.0
None
CVE-2021-23027High7.5BIG-IP (all modules)16.0.0 – 16.0.1
15.1.0 – 15.1.2
14.1.0 – 14.1.4
16.1.0
16.0.1.2
15.1.3.1
14.1.4.3
CVE-2021-23028High7.5BIG-IP (Advanced WAF, ASM)16.0.0 – 16.0.1
15.1.0 – 15.1.3
14.1.0 – 14.1.4
13.1.0 – 13.1.3
16.1.0
16.0.1.2
15.1.3.1
14.1.4.2
13.1.4
CVE-2021-23029High7.5BIG-IP (Advanced WAF, ASM)16.0.0 – 16.0.116.1.0
16.0.1.2
CVE-2021-23030High7.5BIG-IP (Advanced WAF, ASM)16.0.0 – 16.0.1
15.1.0 – 15.1.3
14.1.0 – 14.1.4
13.1.0 – 13.1.4
12.1.0 – 12.1.6
16.1.0
16.0.1.2
15.1.3.1
14.1.4.3
13.1.4.1
CVE-2021-23031High–Critical – Appliance mode only8.8–9.9BIG-IP (Advanced WAF, ASM)16.0.0 – 16.0.1
15.1.0 – 15.1.2
14.1.0 – 14.1.4
13.1.0 – 13.1.3
12.1.0 – 12.1.5
11.6.1 – 11.6.5
16.1.0
16.0.1.2
15.1.3
14.1.4.1
13.1.4
12.1.6
11.6.5.3
CVE-2021-23032High7.5BIG-IP (DNS)16.0.0 – 16.0.1
15.1.0 – 15.1.3
14.1.0 – 14.1.4
13.1.0 – 13.1.4 
12.1.0 – 12.1.6
16.1.0 
15.1.3.1
14.1.4.4
CVE-2021-23033High7.5BIG-IP (Advanced WAF, ASM)16.0.0 – 16.0.1
15.1.0 – 15.1.3
14.1.0 – 14.1.4
13.1.0 – 13.1.4
12.1.0 – 12.1.6
16.1.0
15.1.3.1
14.1.4.3
13.1.4.1
CVE-2021-23034High7.5BIG-IP (all modules)16.0.0 – 16.0.1
15.1.0 – 15.1.3
16.1.0 
15.1.3.1
CVE-2021-23035High7.5BIG-IP (all modules)14.1.0 – 14.1.414.1.4.4
CVE-2021-23036High7.5BIG-IP (Advanced WAF, ASM, DataSafe)16.0.0 – 16.0.116.1.0
16.0.1.2
CVE-2021-23037High7.5BIG-IP (all modules)16.0.0 – 16.1.0
15.1.0 – 15.1.3
14.1.0 – 14.1.4
13.1.0 – 13.1.4
12.1.0 – 12.1.6
11.6.1 – 11.6.5
None

The vendor also fixed medium and low severity vulnerabilities.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, F5 BIG-IP)

[adrotate banner=”5″]

[adrotate banner=”13″]