F5 Networks is a leading provider of enterprise networking gear, with software and hardware customers like governments, Fortune 500 firms, banks, internet service providers, and largely known consumer brands (Microsoft, Oracle, and Facebook). 

The patch refers to the four critical vulnerabilities listed below and also includes a pre-auth RCE security flaw (CVE-2021-22986) that allows unauthenticated remote attackers to execute arbitrary commands on compromised BIG-IP devices. The vulnerabilities in question are listed below:

Today, the F5 declared to have discovered three other RCE vulnerabilities (two considered to be high and one medium, with CVSS severity ratings ranging between 6.6 and 8.8). These vulnerabilities are allowing authenticated remote attackers to execute arbitrary system commands.

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Network DNS Security

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Successful exploitation of critical BIG-IP RCE vulnerabilities could lead to full system compromise, including the interception of controller application traffic and lateral movement to the internal network.

We strongly encourage all customers to update their BIG-IP and BIG-IQ systems to a fixed version as soon as possible

To fully remediate the critical vulnerabilities, all BIG-IP customers will need to update to a fixed version.


F5 provided information on how to upgrade the software running on your BIG-IP appliances with details on multiple upgrade scenarios in this BIG-IP upgrade guide.

Leave a Reply

Your email address will not be published. Required fields are marked *