For its August patch day, the network specialist F5 is delivering fixes for 21 vulnerabilities. The US cyber security authority CISA warns that authenticated attackers could take control of vulnerable systems through some of the gaps. IT admins of BIG-IP and Nginx systems should take action and install the updates.
Overall, F5 lists twelve vulnerabilities with a risk rating of “high”. They all affect the company’s BIG-IP systems and the central management software BIG-IQ. Attackers with privileged access could use them to take over systems, and unauthenticated malicious actors could exploit denial-of-service vulnerabilities to cripple them.
The manufacturer classifies a further eight vulnerabilities in BIG-IP, BIG-IQ and Nginx as medium threats. In addition, there is a low-risk gap in BIG-IP through which attackers with privileged server access could read data.
The vulnerabilities affect the following program versions:
BIG-IP 17.0.0, 16.1.0 – 16.1.3, 15.1.0 – 15.1.6, 14.1.0 – 14.1.5, 13.1.0 – 13.1.5
BIG-IQ 8.0.0 – 8.1.0, 7.0.0 – 7.1.0
Nginx Instance Manager 2.0.0 – 2.3.0, 1.0.0 – 1.0.4
Nginx Ingress Controller 2.0.0 – 2.2.0, 1.0.0 – 1.12.4
Numerous sub-versions receive their own updates to fix the bugs. However, BIG-IP 13 and older versions will not receive an update; administrators of those systems have to migrate to a newer software branch. According to the security advisory from F5, two medium-severity DoS vulnerabilities in BIG-IQ 8.0.0 to 8.2.0 remain unfixed.
Since cybercriminals regularly go after vulnerabilities in F5 systems right away, IT managers should quickly download and install the available updates.