F5 Networks Alert
1614Warning Date
Severity Level
Warning Number
Target Sector
16 December, 2020
● Medium
2020-2206
All
Description:
F5 Networks has released a security alert to address multiple vulnerabilities in the following product:
- BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO)
- 16.0.0 - 16.0.1
- 15.1.0 - 15.1.2
- 14.1.0 - 14.1.3
- 13.1.0 - 13.1.3
- 12.1.0 - 12.1.5
- 11.6.1 - 11.6.5
* This issue only affects BIG-IP platforms that support vCMP.
Threats:
ِِِAttacker could exploit these vulnerabilities by doing the following:
- Denial of Service (DoS) attack
- Execute arbitrary code.
Best practice and Recommendations:
The CERT team encourages users to update the affected product as soon as the update is issued, and to mitigate these vulnerabilities by doing the following:
- F5 Networks recommend permitting access to the USB interface on the BIG-IP system to trusted users. and only permit management access to the BIG-IP system over a secure network and limit shell access to only trusted users.
For more information: