F5 released multiple advisories with critical vulns in it's Big-IP-Appliances both in ControlPlane (TMUI) and DataPlane, CVSS 9.8/9.9 beeing the most severe Scores.
-
K03009991: iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986 The iControl REST interface has an unauthenticated remote command execution vulnerability. CVSS score: 9.8 (Critical)
-
K18132488: Appliance Mode TMUI authenticated remote command execution vulnerability CVE-2021-22987 When running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. CVSS score: 9.9 (Critical)
-
K70031188: TMUI authenticated remote command execution vulnerability CVE-2021-22988 TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages. CVSS score: 8.8 (High)
A simple PoC had been released for one of the Dataplane-Bugs, allowing a simple DoS against a Big-IP-Appliance.
Patches available.
References
- F5: K02566623: Overview of F5 critical vulnerabilities (March 2021)
- PoCs released
- NCC: Detection capabilities for recent F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986
Fragen? Kontakt: info@zero.bs