F5 Urges Customers To Patch Critical Big-IP Pre-auth RCE Bug

By   ISBuzz Team
Writer , Information Security Buzz | Mar 12, 2021 02:46 am PST

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most BIG-IP and BIG-IQ software versions.

F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands (including Microsoft, Oracle, and Facebook), with the company claiming that “48 of the Fortune 50 rely on F5.”

F5 Networks has now pushed out patches to tackle these four critical vulnerabilities and is urging its customers to patch as soon as possible. 

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Michael Barragry
Michael Barragry , Operations Lead and Security Consultant
March 12, 2021 10:48 am

<p>The pervasiveness of F5 within the infrastructure of many large organisations makes these issues all the more critical to patch and remediate.</p> <p> </p> <p>Given that remote code execution may be possible, instances which cannot be patched immediately should be considered as possibly compromised.</p> <p> </p> <p>Since there is a dependency for some of these issues on having access to certain management interfaces, this shows the value of locking down access to resources like this. IP-restriction is a very simple mitigation to implement in lots of cases, and it could be the difference between compromised vs buying enough time to apply a patch.</p>

Last edited 3 years ago by Michael Barragry

Recent Posts

Would love your thoughts, please comment.x