Caleb Boma | March 11th, 2021

A major enterprise and application protection vendor, F5, announced new critical vulnerabilities affecting BIG-IP and BIG-IQ software. An F5 leader explained these vulnerabilities affect all of their customers.

CVE-2021-22986 (CVSS 9.8) – Attackers need no authentication to exploit this F5 vulnerability and remotely run system commands on different F5 products. The vulnerability carries a critical score of 9.8 on the Common Vulnerability Scoring System scale, and it lets threat actors create and delete files, execute commands, and disable services.

CVE-2021-22987 (CVSS 9.9), CVE-2021-22988 (CVSS 8.0), CVE-2021-22989 (CVSS 6.6) – These three vulnerabilities affect the Traffic Management User Interface (TMUI) configuration tool on F5 devices. They allow authenticated users to execute commands remotely through undisclosed pages.

Further vulnerabilities were announced by F5 with CVSS scores of 9.0.

CVE-2021-22991 (CVSS 9.0) – Requests to this server that are not handled properly by Traffic Management Microkernel URI normalization may result in a denial of service, and could also allow a bypass of URL-based access control or remote code execution (RCE).
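The general class of flaw behind a normalization-related access control bypass is a rule matched against a request path before that path is reduced to one canonical form. The sketch below is an added illustration, not F5 code and not the CVE-2021-22991 trigger; the `/admin` rule, the function names, and the request paths are constructed for the example.

```python
import posixpath
from urllib.parse import unquote

PROTECTED = "/admin"  # hypothetical path guarded by a URL-based rule

def naive_is_blocked(raw_path: str) -> bool:
    # Weak: matches the rule against the raw, un-normalized request path.
    return raw_path.startswith(PROTECTED)

def canonicalize(raw_path: str):
    """Decode once and resolve dot segments; None means ambiguous input."""
    decoded = unquote(raw_path)
    if unquote(decoded) != decoded or "\x00" in decoded:
        return None  # still encoded after one pass (double encoding) or NUL
    # Strip extra leading slashes first: normpath keeps a leading "//".
    return posixpath.normpath("/" + decoded.lstrip("/"))

def hardened_is_blocked(raw_path: str) -> bool:
    canon = canonicalize(raw_path)
    if canon is None:
        return True  # fail closed on input that cannot be canonicalized
    # Match whole path segments so "/administrator..." is not caught.
    return canon == PROTECTED or canon.startswith(PROTECTED + "/")

# Constructed request paths, not taken from any real traffic.
SAMPLES = [
    "/public/index.html",
    "/admin/users",
    "/public/../admin/users",
    "/%61dmin/users",
    "//admin/users",
    "/public/%252e%252e/admin/users",
    "/administrator-guide.html",
]

def compare(paths=SAMPLES):
    """Return (path, naive_blocked, hardened_blocked) for each path."""
    return [(p, naive_is_blocked(p), hardened_is_blocked(p)) for p in paths]

if __name__ == "__main__":
    for path, naive, hardened in compare():
        print(f"{path:34} naive={naive!s:5} hardened={hardened}")
```

Rows where the two columns disagree are the ones to study: the raw-prefix check both misses paths that resolve to the protected area and blocks an unrelated page that merely shares the prefix.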

CVE-2021-22992 (CVSS 9.0) – Another potential denial-of-service vulnerability: a malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with a login page configured in its policy may trigger a buffer overflow. This vulnerability can also lead to remote code execution (RCE) and eventual system compromise.

More information about the vulnerabilities can be found in a tweet released by F5.

The announcement of these vulnerabilities comes right after news of the Microsoft Exchange vulnerabilities. It’s important to note the connection between Microsoft and F5. Microsoft is a direct customer of F5, while F5 also claims they offer products to 48 of the Fortune 50. Many large organizations are now at risk, some through multiple, different avenues.

Engaging with a firm like SpearTip can take the weight off of your team’s shoulders during situations like this. Our team is ready to respond to threats and adapts to changing circumstances in the threat landscape while the engineers in our Security Operations Center work 24/7 to continuously monitor networks. They work in conjunction with our endpoint detection and response tool, ShadowSpear®.

If you’re a leader in your organization, working through the steps to incorporate SpearTip’s services will benefit your team financially, as well as operationally. In turn, your overall brand reputation will be protected because the exploitation of the aforementioned vulnerabilities will be mitigated.

SpearTip’s cyber experts continuously monitor environments 24/7 in our US-based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you’re experiencing a breach, call our Security Operations Center at 833.997.7327.