Heimdal

Security provider F5 has fixed more than a dozen high-severity bugs in its BIG-IP networking device, including one vulnerability that is rated critical when abused under certain circumstances.

F5, Inc. is a U.S. organization that specializes in application delivery networking (ADN), application availability & performance, multi-cloud management, application security, network security, access & authorization, and online fraud prevention.

On August 24th, 2021, F5 published a list of 35 security issues that impact multiple F5 devices, of which 13 were considered high-severity vulnerabilities, 15 medium, and 7 low.

One of the 13 high-severity vulnerabilities is tracked as CVE-2021-23031 and is a privilege escalation issue on BIG-IP Advanced Web Application Firewall (WAF) and Web Application Firewall (ASM) Traffic Management User Interface (TMUI).

What Happens When the Bug Is Exploited?

When abused, the CVE-2021-23031 bug enables an authenticated threat actor who has access to the Configuration utility to execute arbitrary system commands, create or delete files, or deactivate systems. This flaw could allow an attacker to completely compromise a system.

According to the advisory, the vulnerability has a severity rating of 8.8, but for customers running in Appliance mode the score increases to 9.9 out of 10.

What Can Users Do?

The advisory also notes that only a limited number of customers are affected by the issue in its critical form.

Because this attack is carried out by authenticated users, there is no viable mitigation that still allows users access to the Configuration utility. F5 states that the only way to protect against these attacks is to remove access for users who are not completely trusted.

The fixed issues include request forgery flaws, authenticated remote command execution bugs, cross-site scripting (XSS) vulnerabilities, and insufficient permission and denial-of-service flaws:

| CVE / Bug ID | Severity | CVSS score | Affected products | Affected versions | Fixes introduced in |
|---|---|---|---|---|---|
| CVE-2021-23025 | High | 7.2 | BIG-IP (all modules) | 15.0.0 - 15.1.0, 14.1.0 - 14.1.3, 13.1.0 - 13.1.3, 12.1.0 - 12.1.6, 11.6.1 - 11.6.5 | 16.0.0, 15.1.0.5, 14.1.3.1, 13.1.3.5 |
| CVE-2021-23026 | High | 7.5 | BIG-IP (all modules) | 16.0.0 - 16.0.1, 15.1.0 - 15.1.2, 14.1.0 - 14.1.4, 13.1.0 - 13.1.4, 12.1.0 - 12.1.6, 11.6.1 - 11.6.5 | 16.1.0, 16.0.1.2, 15.1.3, 14.1.4.2, 13.1.4.1 |
| CVE-2021-23027 | High | 7.5 | BIG-IP (all modules) | 16.0.0 - 16.0.1, 15.1.0 - 15.1.2, 14.1.0 - 14.1.4 | 16.1.0, 16.0.1.2, 15.1.3.1, 14.1.4.3 |
| CVE-2021-23028 | High | 7.5 | BIG-IP (Advanced WAF, ASM) | 16.0.0 - 16.0.1, 15.1.0 - 15.1.3, 14.1.0 - 14.1.4, 13.1.0 - 13.1.3 | 16.1.0, 16.0.1.2, 15.1.3.1, 14.1.4.2, 13.1.4 |
| CVE-2021-23029 | High | 7.5 | BIG-IP (Advanced WAF, ASM) | 16.0.0 - 16.0.1 | 16.1.0, 16.0.1.2 |
| CVE-2021-23030 | High | 7.5 | BIG-IP (Advanced WAF, ASM) | 16.0.0 - 16.0.1, 15.1.0 - 15.1.3, 14.1.0 - 14.1.4, 13.1.0 - 13.1.4, 12.1.0 - 12.1.6 | 16.1.0, 16.0.1.2, 15.1.3.1, 14.1.4.3, 13.1.4.1 |
| CVE-2021-23031 | High / Critical (Appliance mode only) | 8.8 / 9.9 | BIG-IP (Advanced WAF, ASM) | 16.0.0 - 16.0.1, 15.1.0 - 15.1.2, 14.1.0 - 14.1.4, 13.1.0 - 13.1.3, 12.1.0 - 12.1.5, 11.6.1 - 11.6.5 | 16.1.0, 16.0.1.2, 15.1.3, 14.1.4.1, 13.1.4, 12.1.6, 11.6.5.3 |
| CVE-2021-23032 | High | 7.5 | BIG-IP (DNS) | 16.0.0 - 16.0.1, 15.1.0 - 15.1.3, 14.1.0 - 14.1.4, 13.1.0 - 13.1.4, 12.1.0 - 12.1.6 | 16.1.0, 15.1.3.1, 14.1.4.4 |
| CVE-2021-23033 | High | 7.5 | BIG-IP (Advanced WAF, ASM) | 16.0.0 - 16.0.1, 15.1.0 - 15.1.3, 14.1.0 - 14.1.4, 13.1.0 - 13.1.4, 12.1.0 - 12.1.6 | 16.1.0, 15.1.3.1, 14.1.4.3, 13.1.4.1 |
| CVE-2021-23034 | High | 7.5 | BIG-IP (all modules) | 16.0.0 - 16.0.1, 15.1.0 - 15.1.3 | 16.1.0, 15.1.3.1 |
| CVE-2021-23035 | High | 7.5 | BIG-IP (all modules) | 14.1.0 - 14.1.4 | 14.1.4.4 |
| CVE-2021-23036 | High | 7.5 | BIG-IP (Advanced WAF, ASM, DataSafe) | 16.0.0 - 16.0.1 | 16.1.0, 16.0.1.2 |
| CVE-2021-23037 | High | 7.5 | BIG-IP (all modules) | 16.0.0 - 16.1.0, 15.1.0 - 15.1.3, 14.1.0 - 14.1.4, 13.1.0 - 13.1.4, 12.1.0 - 12.1.6, 11.6.1 - 11.6.5 | None |
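
For patch triage, the CVE-2021-23031 row above can be turned into a version check over a device inventory. The following is an added example, not code from F5 or from the original article; the hostnames and inventory are constructed, and it assumes that any build in a listed branch at or above the first affected version and below the fixed version is vulnerable, and that the device runs Advanced WAF or ASM.

```python
# Added example: triage BIG-IP versions against the CVE-2021-23031 table row.
# Assumption: within a branch, every build from the first affected version up
# to (not including) the fixed version is vulnerable, point releases included.

# branch -> (first affected version, fixed version), copied from the table row
CVE_2021_23031 = {
    "16.0": ("16.0.0", "16.0.1.2"),
    "15.1": ("15.1.0", "15.1.3"),
    "14.1": ("14.1.0", "14.1.4.1"),
    "13.1": ("13.1.0", "13.1.4"),
    "12.1": ("12.1.0", "12.1.6"),
    "11.6": ("11.6.1", "11.6.5.3"),
}

def parse(version):
    """Turn '14.1.4.1' into (14, 1, 4, 1), padded to four fields."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 2 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def triage(version):
    """Return (affected, fixed_version_or_None) for one BIG-IP version."""
    v = parse(version)
    branch = f"{v[0]}.{v[1]}"
    if branch not in CVE_2021_23031:
        return (False, None)  # branch is not listed in the table row
    first, fixed = CVE_2021_23031[branch]
    affected = parse(first) <= v < parse(fixed)
    return (affected, fixed if affected else None)

def report(inventory):
    """Map each affected hostname to the fixed version for its branch."""
    out = {}
    for host, version in inventory.items():
        affected, fixed = triage(version)
        if affected:
            out[host] = fixed
    return out

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = {
    "waf-edge-01": "15.1.2.1",  # above the listed 15.1.2 but below the fix
    "waf-edge-02": "14.1.4.1",  # exactly the fixed build
    "waf-dc-01": "16.1.0",      # branch that already contains the fix
    "waf-lab-01": "11.6.5",
}

if __name__ == "__main__":
    for host, fixed in report(INVENTORY).items():
        print(f"{host}: affected, upgrade to {fixed} or later")
```

Comparing against the fixed version rather than the upper bound of the "affected" range is what catches point releases such as 15.1.2.1, which a literal range check on "15.1.0 - 15.1.2" would miss.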

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also issued a security advisory regarding the F5 matter urging users and administrators to “review the F5 security advisory and install updated software or apply the necessary mitigations as soon as possible.”

Author Profile

Antonia Din

PR & Video Content Manager
