Admins of BIG-IP appliances, take note: F5 warns that under certain conditions attackers could gain access to systems and, in the worst case, execute arbitrary commands. The risk posed by some of the vulnerabilities is rated "high". Patches close the security holes.
Admins should take a close look at the advisories linked below this article and install the security updates that apply to their systems.
The most dangerous vulnerability (CVE-2021-22986, "high") is located in the iControl REST component and affects all BIG-IP modules. The systems are only vulnerable when they run in Appliance Mode. If that is the case, an authenticated user with valid credentials who has been assigned the "Administrator" role could bypass the restrictions of Appliance Mode and execute arbitrary commands.
Attackers targeting the vulnerability (CVE-2021-23008, "high") in the Access Policy Manager (APM) could hijack KDC connections by sending AS-REP responses.
Another vulnerability (CVE-2021-23012) is likewise rated "high" when BIG-IP systems run in Appliance Mode. Here, attackers could obtain admin rights in a way that is not described in detail, break out of the Appliance Mode sandbox and execute commands.
Further successful attacks could allow attackers to trigger DoS conditions and access data that is supposed to be shielded.
List sorted by threat level, descending:
- Appliance Mode Authenticated iControl REST Vulnerability CVE-2021-23015
- BIG-IP APM AD Authentication Vulnerability CVE-2021-23008
- Resource Administrator or Administrator Role Authenticated Local Command Execution Vulnerability CVE-2021-23012
- TMM with HTTP/2 Vulnerability CVE-2021-23009
- BIG-IP ASM and Advanced WAF WebSocket Vulnerability CVE-2021-23010
- TMM Vulnerability CVE-2021-23011
- BIG-IP APM ACL Bypass Vulnerability CVE-2021-23016
- BIG-IP Advanced WAF and ASM REST API Vulnerability CVE-2021-23014