The F5 flaws could affect the network infrastructure of some of the largest technology and Fortune 500 companies, including Microsoft, Oracle, and Facebook.
F5 Networks is warning users to patch four critical remote command execution (RCE) flaws in its BIG-IP and BIG-IQ enterprise networking infrastructure. If exploited, the flaws could allow attackers to take full control of a vulnerable system.
The company published an advisory on Wednesday covering seven bugs in total, with two more rated high risk and one medium risk. "We strongly recommend that all customers upgrade their BIG-IP and BIG-IQ systems to a fixed version as soon as possible," the company advised on its website.
The situation is particularly urgent because F5 provides enterprise networking to some of the largest tech companies in the world, including Facebook, Microsoft, and Oracle, as well as a host of Fortune 500 companies, including some of the world's largest financial institutions and ISPs.
The U.S. Cybersecurity and Infrastructure Agency (CISA) also urged companies using BIG-IP and BIG-IQ to address two of the critical vulnerabilities, tracked as CVE-2021-22986 and CVE-2021-22987.
The former, with a CVSS rating of 9.8, is an unauthenticated remote command execution vulnerability in the iControl REST interface, according to a detailed breakdown of the bugs in the F5 Knowledge Center. The latter, with a CVSS rating of 9.9, affects the infrastructure's Traffic Management User Interface (TMUI), also known as the Configuration utility. When running in Appliance mode, the TMUI has, according to F5, an authenticated RCE vulnerability in undisclosed pages.
The other two critical vulnerabilities are tracked as CVE-2021-22991 and CVE-2021-22992. The first, with a CVSS score of 9.0, is a buffer overflow vulnerability that can be triggered when "undisclosed requests to a virtual server may be incorrectly handled by the URI normalization of the Traffic Management Microkernel (TMM)," according to F5. This can lead to a denial-of-service (DoS) attack, which in some situations "theoretically allows bypassing the URL-based access control or remote code execution (RCE)," the company warned.
CVE-2021-22992 is also a buffer overflow bug with a CVSS rating of 9. According to F5, it can be triggered by "a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with a login page configured in the policy." In some situations, RCE and "complete system compromise" can also occur, the company warned.
The other three non-critical bugs fixed in this week's F5 update are CVE-2021-22988, CVE-2021-22989, and CVE-2021-22990.
CVE-2021-22988, with a CVSS score of 8.8, is an authenticated RCE that also affects TMUI. CVE-2021-22989, with a CVSS score of 8.0, is another authenticated RCE that also affects TMUI in Appliance mode, this time when Advanced WAF or BIG-IP ASM are deployed. And CVE-2021-22990, with a CVSS score of 6.6, is a similar but less dangerous vulnerability that F5 says exists in the same scenario.
F5 is no stranger to critical bugs in its enterprise networking products. In July, the vendor and other security experts, including U.S. Cyber Command, urged companies to urgently patch a critical RCE vulnerability in BIG-IP's app delivery controllers that was being actively exploited by attackers to steal credentials, launch malware, and more. This bug (CVE-2020-5902) had a CVSS rating of 10 out of 10. Due to a delay in patching at that time, systems were exposed to the bug for weeks after F5 released the update.
News – AU – F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs
Source: https://threatpost.com/f5-cisa-critical-rce-bugs/164679/