A major enterprise and application protection vendor, F5, announced new critical vulnerabilities affecting BIG-IP and BIG-IQ software. An F5 leader explained these vulnerabilities affect all of their customers.
CVE-2021-22986 (CVSS 9.8) – Attackers need no authentication to exploit this F5 vulnerability and remotely run system commands on different F5 products. It carries a critical score of 9.8 on the Common Vulnerability Scoring System scale, and threat actors can use it to create and delete files, execute commands, and disable services.
CVE-2021-22987 (CVSS 9.9), CVE-2021-22988 (CVSS 8.0), CVE-2021-22989 (CVSS 6.6) – These three vulnerabilities affect the Traffic Management User Interface (TMUI) configuration tool on F5 devices. They allow authenticated users to execute commands remotely on undisclosed pages.
Further vulnerabilities were announced by F5 with CVSS scores of 9.0.
CVE-2021-22991 (CVSS 9.0) – Requests to the server that are not handled properly by Traffic Management Microkernel URI normalization may result in a Denial of Service, and could also lead to a bypass of URL-based access control or to remote code execution (RCE).
CVE-2021-22992 (CVSS 9.0) – Another potential Denial of Service vulnerability, this one triggered by a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with a login page configured in its policy, which may trigger a buffer overflow. This vulnerability can also lead to remote code execution (RCE) and eventual system compromise.
More information about the vulnerabilities can be found in a tweet released by F5.
The announcement of these vulnerabilities comes right after news of the Microsoft Exchange vulnerabilities. It’s important to note the connection between Microsoft and F5. Microsoft is a direct customer of F5, while F5 also claims they offer products to 48 of the Fortune 50. Many large organizations are now at risk and some through multiple, different avenues.
Engaging with a firm like SpearTip can take the weight off of your team’s shoulders during situations like this. Our team is ready to respond to threats and adapt to changing circumstances in the threat landscape while the engineers in our Security Operations Center work 24/7 to continuously monitor networks. They work in conjunction with our endpoint detection and response tool, ShadowSpear®.
If you’re a leader in your organization, working through the steps to incorporate SpearTip’s services will benefit your team financially, as well as operationally. In turn, your overall brand reputation will be protected because the exploitation of the aforementioned vulnerabilities will be mitigated.
SpearTip’s cyber professionals continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.
If you’re experiencing a breach, call our Security Operations Center at 833.997.7327.
©2024 SpearTip, LLC. All rights reserved.