F5 Devices

Caleb Boma | March 11th, 2021


A major enterprise and application protection vendor, F5, announced new critical vulnerabilities affecting BIG-IP and BIG-IQ software. An F5 leader explained these vulnerabilities affect all of their customers.

The Critical Vulnerabilities in F5 Devices

CVE-2021-22986 (CVSS 9.8) – No authentication is needed for attackers to exploit this F5 vulnerability by remotely running system commands on different F5 products. With a critical score of 9.8 on the Common Vulnerability Scoring System scale, threat actors can create and delete files, execute commands, and disable services.

CVE-2021-22987 (CVSS 9.9), CVE-2021-22988 (CVSS 8.0), CVE-2021-22989 (CVSS 6.6) – These three vulnerabilities affect traffic management user interface (TMUI) configuration tool on F5 devices. They also allow authenticated users to execute commands remotely on undisclosed pages.

Further vulnerabilities were announced by F5 with CVSS scores of 9.0.

CVE-2021-22991 (CVSS 9.0) – Requests to this server that are not handled properly by Traffic Management Microkernel URI normalization may result in a Denial of Service attack but could also bypass URL-based access control or remote code execution (RCE).

CVE-2021-22992 (CVSS 9.0) – Another potential Denial of Service attack vulnerability, but this is triggered by a malicious HTTP response to an advanced WAF/BIG-IP ASM virtual server with a login page configured in its policy and may trigger a buffer overflow. This vulnerability can also lead to remote code execution (RCE) and eventual system compromise.

More information about the vulnerabilities can be found here in a tweet released by F5.

The announcement of these vulnerabilities comes right after news of the Microsoft Exchange vulnerabilities. It’s important to note the connection between Microsoft and F5. Microsoft is a direct customer of F5, while F5 also claims they offer products to 48 of the Fortune 50. Many large organizations are now at risk and some through multiple, different avenues.

Engaging with a firm like SpearTip can take the weight off of your team’s shoulders during situations like this. Our team is ready to respond to threats and adapt to changing circumstances in the threat landscape while the engineers in our Security Operations Center work 24/7 to continuously monitor networks. They work in conjunction with our endpoint detection and response tool, ShadowSpear®

If you’re a leader in your organization, working through the steps to incorporate SpearTip’s services will benefit your team financially, as well as operationally. In turn, your overall brand reputation will be protected because the exploitation of the aforementioned vulnerabilities will be mitigated.

SpearTip’s cyber professionals continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you’re experiencing a breach, call our Security Operations Center at 833.997.7327.


Connect With Us

Featured Articles

Cybersecurity Health Checks
Cybersecurity Health Checks: Why Companies Need Them
22 April 2024
New Loop DoS Attack
New Loop DoS Attack Affecting Linux Systems
19 April 2024
Possible Cyberattack
Possible Cyberattack During 2024 Summer Olympics
15 April 2024
Tabletop Exercises
Tabletop Exercises: Transformative Impact on Companies
12 April 2024

See ShadowSpear in Action

Identify, neutralize, and counter cyberattacks - provide confidence in your security posture

Stay Connected With SpearTip

Inside the SOC Newsletter

View our articles that cover trending topics in cybersecurity with insights from our 24/7/365 Security Operations Center.

ShadowSpear Platform

Cybersecurity actors are working around the clock, shouldn’t your security team be too? Technology solutions and security controls fail for a number of reasons, poor deployment, improper implementation, or just no one monitoring the alerts.

ShadowSpear Demo

Experience ShadowSpear for yourself. Our lightweight, integrated solution will help you sleep easier at night and provide immediate confidence in your security posture.