F5 Urges Customers To Patch Critical Big-IP Pre-auth RCE Bug

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most BIG-IP and BIG-IQ software versions.

F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands (including Microsoft, Oracle, and Facebook), with the company claiming that “48 of the Fortune 50 rely on F5.”

F5 Networks has now pushed out patches to tackle these four critical vulnerabilities and is urging its customers to patch as soon as possible. 

Experts Comments

March 12, 2021
Michael Barragry
Operations Lead and Security Consultant
Edgescan

The pervasiveness of F5 within the infrastructure of many large organisations makes these issues all the more critical to patch and remediate.

 

Given that remote code execution may be possible, instances which cannot be patched immediately should be considered as possibly compromised.

 

Since there is a dependency for some of these issues on having access to certain management interfaces, this shows the value of locking down access to resources like this. IP-restriction is a very simple

.....Read More

The pervasiveness of F5 within the infrastructure of many large organisations makes these issues all the more critical to patch and remediate.

 

Given that remote code execution may be possible, instances which cannot be patched immediately should be considered as possibly compromised.

 

Since there is a dependency for some of these issues on having access to certain management interfaces, this shows the value of locking down access to resources like this. IP-restriction is a very simple mitigation to implement in lots of cases, and it could be the difference between compromised vs buying enough time to apply a patch.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.