Critical Security Patches for F5 BIG-IP and F5 BIG-IQ Devices
2 min read
F5 has released security patches to fix 29 security vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ devices.
Out of these 29 patches, 13 are for high-severity security vulnerabilities, 15 are for vulnerabilities rated medium severity.
CVE-2021-23031
CVSS score: 8.8
This vulnerability could allow an authenticated user to perform a privilege escalation. Affected products: F5 BIG-IP Advanced Web Application Firewall and F5 BIG-IP Application Security Manager
Publication Date: Aug 12, 2021
F5 article https://support.f5.com/csp/article/K41351250
CVE-2021-23025
CVSS score: 7.2
Authenticated remote command execution vulnerability in BIG-IP Configuration utility
Publication Date: Aug 24, 2021
F5 article: https://support.f5.com/csp/article/K55543151
CVE-2021-23026
iControl SOAP vulnerability
CVSS score: 7.5
Cross-site request forgery (CSRF) vulnerability in iControl SOAP
Publication Date: Aug 24, 2021
F5 article: https://support.f5.com/csp/article/K53854428
CVE-2021-23027
TMUI XSS vulnerability
CVSS score: 7.5
TMUI DOM-based and reflected cross-site scripting (XSS) vulnerabilities
Publication Date: Aug 24, 2021
F5 article: https://support.f5.com/csp/article/K24301698
CVE-2021-23037
TMUI XSS vulnerability
CVSS score: 7.5
TMUI DOM-based and reflected cross-site scripting (XSS) vulnerabilities
Publication Date: Aug 24, 2021
F5 article: https://support.f5.com/csp/article/K21435974
CVE-2021-23028
Advanced WAF and BIG-IP ASM vulnerability
CVSS score: 7.5
BIG-IP Advanced WAF and ASM vulnerability
Publication Date: Aug 24, 2021
F5 article: https://support.f5.com/csp/article/K00602225
CVE-2021-23029
CVSS score: 7.5
BIG-IP Advanced WAF and ASM TMUI vulnerability
Publication Date: Aug 24, 2021
F5 article: https://support.f5.com/csp/article/K52420610
CVE-2021-23030
CVSS score: 7.5
BIG-IP Advanced WAF and ASM Websocket vulnerabilities
Publication Date: Aug 24, 2021
F5 article:https://support.f5.com/csp/article/K42051445
CVE-2021-23033
CVSS score: 7.5
BIG-IP Advanced WAF and ASM Websocket vulnerabilities
Publication Date: Aug 24, 2021
F5 article: https://support.f5.com/csp/article/K05314769
CVE-2021-23032
CVSS score: 7.5
BIG-IP DNS vulnerability
Publication Date: Aug 24, 2021
F5 article: https://support.f5.com/csp/article/K45407662
CVE-2021-23034
CVSS score: 7.5
Traffic Management Microkernel vulnerabilities
Publication Date: Aug 24, 2021
F5 article: https://support.f5.com/csp/article/K30523121
CVE-2021-23035
CVSS score: 7.5
Traffic Management Microkernel vulnerabilities
Publication Date: Aug 24, 2021
F5 article: https://support.f5.com/csp/article/K70415522
CVE-2021-23036
CVSS score: 7.5
Traffic Management Microkernel vulnerabilities
Publication Date: Aug 24, 2021
F5 article: https://support.f5.com/csp/article/K05043394