
NÚKIB warns of serious BIG-IP and BIG-IQ vulnerabilities from F5 Networks

Shortly after its warning about the vulnerability in Microsoft Exchange and the subsequent regulation of the installation of updates in critical infrastructure, the National Office for Cyber and Information Security (NÚKIB) is warning of further vulnerabilities. This time they are serious vulnerabilities in BIG-IQ and BIG-IP devices from the American company F5 Networks. These vulnerabilities allow remote code execution without authentication.

BIG-IP is, among other things, the most used load balancer from F5. The vulnerabilities affect versions 16.0.0 – 16.0.1, 15.1.0 – 15.1.2, 14.1.0 – 14.1.3, 13.1.0 – 13.1.3, 12.1.0 – 12.1.5 and 11.6.1 – 11.6.5. The fixes are included in versions 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3 and 11.6.5.3.
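The following added example (not from NÚKIB, F5 or the original article) triages an inventory of BIG-IP versions against the ranges above. It assumes that any build from the first affected version of a branch up to, but not including, the fixed version is affected, which also covers point releases such as 13.1.3.5 that the article does not list; the hostnames and the inventory are constructed.

```python
# (first affected version, fixed version) per BIG-IP branch, from the article.
BIG_IP_BRANCHES = [
    ("16.0.0", "16.0.1.1"), ("15.1.0", "15.1.2.1"), ("14.1.0", "14.1.4"),
    ("13.1.0", "13.1.3.6"), ("12.1.0", "12.1.5.3"), ("11.6.1", "11.6.5.3"),
]

def parse(version):
    """Turn '15.1.2' into (15, 1, 2, 0) so versions compare numerically."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def triage(version):
    """Return (status, fixed_version) for one BIG-IP version string.

    Assumption: every build below the fixed version of its branch is
    treated as affected, not only the versions named in the article.
    """
    v = parse(version)
    for first, fixed in BIG_IP_BRANCHES:
        if parse(first) <= v < parse(fixed):
            return ("affected", fixed)
        # Same major.minor branch and at or above the fix level.
        if v[:2] == parse(first)[:2] and v >= parse(fixed):
            return ("fixed", fixed)
    # Branches the article says nothing about are reported as such
    # rather than guessed at.
    return ("not listed", None)

# Constructed inventory: hostnames and versions are made up for the example.
INVENTORY = {
    "lb-edge-01": "15.1.2",    # last version of the listed range
    "lb-edge-02": "15.1.2.1",  # already on the fixed release
    "lb-dc-01": "13.1.3.5",    # point release below the fix
    "lb-dc-02": "14.1.4",
    "lb-lab-01": "16.1.0",     # branch not covered by the article
}

def report(inventory):
    """Map each host to its (status, fixed_version) result."""
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, (status, fixed) in report(INVENTORY).items():
        target = f" -> update to {fixed}" if status == "affected" else ""
        print(f"{host:12} {INVENTORY[host]:10} {status}{target}")
```

Hosts reported as "not listed" need a manual check against the vendor advisory, since the article gives no information about those branches.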

In the case of BIG-IQ Centralized Management, the affected versions are 7.0.0, 7.1.0 and 6.0.0 – 6.1.0; the fixes are included in versions 8.0.0, 7.1.0.3 and 7.0.0.2.

If an update is not possible, the following procedures are recommended: “For BIG-IP and BIG-IQ Centralized Management, block access to the iControl REST interface. This can be done in the Port Lockdown configuration by setting the Allow None value for each custom IP address in the system. In cases where any ports need to be open, the Allow Custom setting can be used to disable access to the iControl REST interface. Another option is to block access to the iControl REST interface via the device management interface. Only trusted users and applications should be granted access to this interface. It is recommended to block access to the Configuration utility in the same way.”

