F5 has released its August security advisory for BIG-IP and BIG-IQ products, which addresses multiple High risk vulnerabilities.
An attacker could exploit these vulnerabilities and potentially take over impacted systems.
F5 released patches for the following 13 High severity vulnerabilities:
- K55543151: BIG-IP TMUI vulnerability CVE-2021-23025.
- K53854428: iControl SOAP vulnerability CVE-2021-23026.
- K24301698: TMUI XSS vulnerability CVE-2021-23027.
- K00602225: BIG-IP Advanced WAF and ASM vulnerability CVE-2021-23028.
- K52420610: BIG-IP Advanced WAF and ASM TMUI vulnerability CVE-2021-23029.
- K42051445: BIG-IP Advanced WAF and ASM Websocket vulnerability CVE-2021-23030.
- K41351250: BIG-IP Advanced WAF and ASM TMUI vulnerability CVE-2021-23031.
- K45407662: BIG-IP DNS vulnerability CVE-2021-23032.
- K05314769: BIG-IP Advanced WAF and ASM Websocket vulnerability CVE-2021-23033.
- K30523121: BIG-IP TMM vulnerability CVE-2021-23034.
- K70415522: TMM vulnerability CVE-2021-23035.
- K05043394: TMM vulnerability CVE-2021-23036.
- K21435974: TMUI XSS vulnerability CVE-2021-23037.
The CVSS base scores range from 7.5 to 9.9.
F5 also published updates for multiple other Medium and Low severity issues.