F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most BIG-IP and BIG-IQ software versions.
F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands (including Microsoft, Oracle, and Facebook), with the company claiming that “48 of the Fortune 50 rely on F5.”
F5 Networks has now pushed out patches to tackle these four critical vulnerabilities and is urging its customers to patch as soon as possible.
Experts Comments
The pervasiveness of F5 within the infrastructure of many large organisations makes these issues all the more critical to patch and remediate.
Given that remote code execution may be possible, instances which cannot be patched immediately should be considered as possibly compromised.
Since there is a dependency for some of these issues on having access to certain management interfaces, this shows the value of locking down access to resources like this. IP-restriction is a very simple mitigation to implement in lots of cases, and it could be the difference between compromised vs buying enough time to apply a patch.
Michael Barragry, Operations Lead and Security Consultant, provides expert commentary at Information Security Buzz.