{"id":2979,"date":"2021-08-27T12:50:08","date_gmt":"2021-08-27T07:20:08","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=2979"},"modified":"2021-08-27T12:50:10","modified_gmt":"2021-08-27T07:20:10","slug":"new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/","title":{"rendered":"New Security Patches Released by F5 for BIG-IP and BIG-IQ Devices"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">The BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking devices, one of which is elevated to critical severity under some conditions.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">These issues are part of this month\u2019s delivery of security updates, which addresses about 30 vulnerabilities across multiple F5 devices.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What are the Critical Bugs affecting Sensitive Sectors?<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">Of the thirteen high-severity bugs that F5 fixed, one becomes critical in a configuration \u201cdesigned to meet the requirements of customers in specifically sensitive sectors\u201d and could lead to complete system compromise.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">The flaw is tracked as CVE-2021-23031 and affects the BIG-IP modules Advanced WAF (short for Web Application Firewall) and Application Security Manager (ASM), specifically the Traffic Management User Interface (TMUI).<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">It is a privilege escalation flaw with an 8.8 severity score that can be abused by an unauthenticated attacker with access to the Configuration utility to run arbitrary system commands, which could result in complete system compromise. 
For customers using Appliance Mode, which applies some technical restrictions, the same vulnerability carries a critical rating of 9.9 out of 10.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">F5\u2019s security advisory for CVE-2021-23031 does not provide many details on why there are two severity ratings, but notes that a \u201climited number of users\u201d are affected by the critical variant of the flaw unless they install the updated version or implement mitigations.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">For organizations where patching the devices is not possible, F5 says that the only way to defend against possible exploitation is to restrict access to the Configuration service to completely trusted users only.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Apart from CVE-2021-23031, the dozen high-severity security bugs that F5 addressed this month come with risk scores between 7.2 and 7.5. Half of them affect all modules, five impact the Advanced WAF and ASM, and one affects the DNS module.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What are the Vulnerabilities Resolved by F5?<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-medium\"><img decoding=\"async\" loading=\"lazy\" width=\"300\" height=\"169\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/New-Security-Patches-Released-by-F5-for-BIG-IP-and-BIG-IQ-Devices-image1-300x169.jpg\" alt=\"New-Security-Patches-Released-by-F5-for-BIG-IP-and-BIG-IQ-Devices-image1\" class=\"wp-image-2982\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/New-Security-Patches-Released-by-F5-for-BIG-IP-and-BIG-IQ-Devices-image1-300x169.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/New-Security-Patches-Released-by-F5-for-BIG-IP-and-BIG-IQ-Devices-image1-768x432.jpg 768w, 
https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/New-Security-Patches-Released-by-F5-for-BIG-IP-and-BIG-IQ-Devices-image1.jpg 800w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/figure><\/div>\n\n\n\n<ul><li>CVE-2021-23025 (CVSS score: 7.2) &#8211; Authenticated remote command execution vulnerability in BIG-IP Configuration utility<\/li><li>CVE-2021-23026 (CVSS score: 7.5) &#8211; Cross-site request forgery (CSRF) vulnerability in iControl SOAP<\/li><li>CVE-2021-23027 and CVE-2021-23037 (CVSS score: 7.5) &#8211; TMUI DOM-based and reflected cross-site scripting (XSS) vulnerabilities<\/li><li>CVE-2021-23028 (CVSS score: 7.5) &#8211; BIG-IP Advanced WAF and ASM vulnerability<\/li><li>CVE-2021-23029 (CVSS score: 7.5) &#8211; BIG-IP Advanced WAF and ASM TMUI vulnerability<\/li><li>CVE-2021-23030 and CVE-2021-23033 (CVSS score: 7.5) &#8211; BIG-IP Advanced WAF and ASM Websocket vulnerabilities<\/li><li>CVE-2021-23032 (CVSS score: 7.5) &#8211; BIG-IP DNS vulnerability<\/li><li>CVE-2021-23034, CVE-2021-23035, and CVE-2021-23036 (CVSS score: 7.5) &#8211; Traffic Management Microkernel vulnerabilities<\/li><\/ul>\n\n\n\n<p><p style=\"text-align: justify;\">Moreover, F5 has also patched bugs that range from directory traversal and SQL injection to open redirect and cross-site request forgery vulnerabilities, as well as a MySQL database flaw that results in the database consuming more storage space than expected when brute-force protection features of the firewall are enabled.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">With F5 devices often becoming juicy targets for active exploitation attempts by threat actors, it&#8217;s highly recommended that users and administrators install the updated software or apply the necessary mitigations as soon as possible.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The BIG-IP application services company F5 has fixed more than a dozen high-severity 
vulnerabilities in its networking devices, one of which is elevated to critical severity under some conditions. These issues are part of this month\u2019s delivery of security updates, which addresses about 30 vulnerabilities across multiple F5 devices. What are the Critical Bugs [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2981,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>New Security Patches Released by F5 for BIG-IP and BIG-IQ Devices - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Security Patches Released by F5 for BIG-IP and BIG-IQ Devices - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"The BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking devices, one of which is elevated to critical severity under some conditions. These issues are part of this month\u2019s delivery of security updates, which addresses about 30 vulnerabilities across multiple F5 devices. 
What are the Critical Bugs [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-27T07:20:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-08-27T07:20:10+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/New-Security-Patches-Released-by-F5-for-BIG-IP-and-BIG-IQ-Devices-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"New Security Patches Released by F5 for BIG-IP and BIG-IQ Devices\",\"datePublished\":\"2021-08-27T07:20:08+00:00\",\"dateModified\":\"2021-08-27T07:20:10+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/\"},\"wordCount\":519,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/\",\"url\":\"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/\",\"name\":\"New Security Patches Released by F5 for BIG-IP and BIG-IQ Devices - Xiarch Solutions Private 
Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-08-27T07:20:08+00:00\",\"dateModified\":\"2021-08-27T07:20:10+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Security Patches Released by F5 for BIG-IP and BIG-IQ Devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"New Security Patches Released by F5 for BIG-IP and BIG-IQ Devices - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/","og_locale":"en_US","og_type":"article","og_title":"New Security Patches Released by F5 for BIG-IP and BIG-IQ Devices - Xiarch Solutions Private Limited","og_description":"The BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking devices, one of which is elevated to critical severity under some conditions. These issues are part of this month\u2019s delivery of security updates, which addresses about 30 vulnerabilities across multiple F5 devices. What are the Critical Bugs [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-08-27T07:20:08+00:00","article_modified_time":"2021-08-27T07:20:10+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/New-Security-Patches-Released-by-F5-for-BIG-IP-and-BIG-IQ-Devices-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"New Security Patches Released by F5 for BIG-IP and BIG-IQ Devices","datePublished":"2021-08-27T07:20:08+00:00","dateModified":"2021-08-27T07:20:10+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/"},"wordCount":519,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/","url":"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/","name":"New Security Patches Released by F5 for BIG-IP and BIG-IQ Devices - Xiarch Solutions Private 
Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-08-27T07:20:08+00:00","dateModified":"2021-08-27T07:20:10+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/new-security-patches-released-by-f5-for-big-ip-and-big-iq-devices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"New Security Patches Released by F5 for BIG-IP and BIG-IQ Devices"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch 
Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2979"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=2979"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2979\/revisions"}],"predecessor-version":[{"id":2983,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2979\/revisions\/2983"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/2981"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=2979"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=2979"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=2979"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}