F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most BIG-IP and BIG-IQ software versions.
F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands (including Microsoft, Oracle, and Facebook), with the company claiming that “48 of the Fortune 50 rely on F5.”
F5 Networks has now pushed out patches to tackle these four critical vulnerabilities and is urging its customers to patch as soon as possible.
<p>The pervasiveness of F5 within the infrastructure of many large organisations makes these issues all the more critical to patch and remediate.</p> <p> </p> <p>Given that remote code execution may be possible, instances which cannot be patched immediately should be considered as possibly compromised.</p> <p> </p> <p>Since there is a dependency for some of these issues on having access to certain management interfaces, this shows the value of locking down access to resources like this. IP-restriction is a very simple mitigation to implement in lots of cases, and it could be the difference between compromised vs buying enough time to apply a patch.</p>