Multiple vulnerabilities in F5 BIG-IP etc.–Early response

Several vulnerabilities were found in products such as F5 Networks’ BIG-IP, and the company released more information on March 10. The JPCERT Coordination Center (JPCERT / CC) also called on domestic users to pay attention and take early action on the 22nd. There are 21 vulnerabilities based on CVE (Common Vulnerabilities and Exposures), of which the vulnerabilities that exist in the iControl REST API of BIG-IQ, which provides management functions, can lead to remote code execution (CVE-2021-22986). The degree of influence of 4 cases such as is classified as “critical”. For CVE-2021-22986, JPCERT / CC confirmed a proof-of-concept code to exploit this vulnerability and communications that appear to be looking for devices that could be affected by the vulnerability. The products and versions that may be affected by the vulnerability are as follows. BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO) Version 16.0.0 to 16.0.1 Version 15.1.0 to 15.1 Up to version 14.1.0 to 14.1.3 Version 13.1.0 to 13.1.3 Version 12.1.0 to 12.1.5 BIG-IQ Centralized Management version 7.1.0, 7.0.0 Version 6.0.0 to 6.1.0 Up to F5 Networks, F5 Networks provides patches to address each vulnerability and methods to mitigate the impact of the vulnerability.