Yet another security vendor finds critical bugs in its products

Cybersecurity firm F5 has published an advisory warning of seven vulnerabilities in its product suite, four of which are categorised as critical.

The bugs affect F5 BIG-IP and BIG-IQ deployments and can be abused for remote code execution (RCE), denial of service (DoS) and full device takeover.

So serious are the bugs that the US Cybersecurity and Infrastructure Security Agency (CISA) has also published an alert, in which it urges organisations to "review the F5 advisory and install updated software as soon as possible."

According to the F5 advisory, fixes are now available for all seven vulnerabilities.

F5 security vulnerabilities

The most serious of the F5 vulnerabilities, CVE-2021-22987, was given a severity rating of 9.9/10 under the Common Vulnerability Scoring System (CVSS). The bug allows users with network access to the Configuration utility (also known as the Traffic Management User Interface, or TMUI) to "execute arbitrary system commands, create or delete files, or disable services."

CVE-2021-22986, meanwhile, relates to the iControl REST interface and opens the door to the same kinds of attack, earning it a severity rating of 9.8.

Both flaws live on the control plane (the management interface), so an attacker first needs network access to it. For CVE-2021-22987 the attacker also needs a valid login, so would have to own or steal credentials; F5's advisory for CVE-2021-22986, by contrast, describes the attacker as unauthenticated, which is why keeping the management interface off untrusted networks matters more than credential hygiene for that bug.

The other two critical bugs, CVE-2021-22991 and CVE-2021-22992, are buffer-overflow vulnerabilities that open the door to DoS attacks and, under certain conditions, to remote code execution.

Beyond these four critical vulnerabilities, the firm also published details on one medium-severity and two high-severity flaws, along with an apology to affected customers.

"These vulnerabilities were discovered as a result of regular and continuous internal security testing of our solutions," said F5 in a blog post. "Because we understand how critical BIG-IP and BIG-IQ are to our customers, as soon as these vulnerabilities were discovered we immediately began work on fixes and published the security advisories as soon as we could."

"The trust you place in F5 to handle the security and delivery of your most critical assets – your applications – is not something we take lightly. We understand vulnerability remediation can be disruptive to your business."