F5 Urges Customers To Patch Critical Big-IP Pre-auth RCE Bug

F5 Networks, a leading provider of enterprise networking gear, has announced four critical remote code execution (RCE) vulnerabilities affecting most BIG-IP and BIG-IQ software versions.

F5 BIG-IP software and hardware customers include governments, Fortune 500 firms, banks, internet service providers, and consumer brands (including Microsoft, Oracle, and Facebook), with the company claiming that “48 of the Fortune 50 rely on F5.”

F5 Networks has now pushed out patches to tackle these four critical vulnerabilities and is urging its customers to patch as soon as possible. 

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Michael Barragry
Michael Barragry , Operations Lead and Security Consultant
InfoSec Expert
March 12, 2021 10:48 am

<p>The pervasiveness of F5 within the infrastructure of many large organisations makes these issues all the more critical to patch and remediate.</p> <p> </p> <p>Given that remote code execution may be possible, instances which cannot be patched immediately should be considered as possibly compromised.</p> <p> </p> <p>Since there is a dependency for some of these issues on having access to certain management interfaces, this shows the value of locking down access to resources like this. IP-restriction is a very simple mitigation to implement in lots of cases, and it could be the difference between compromised vs buying enough time to apply a patch.</p>

Last edited 1 year ago by Michael Barragry
1
0
Would love your thoughts, please comment.x
()
x