CISA Encourages Users and Administrators Update Vulnerable F5 BIG-IP and BIG-IQ Devices

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review an F5 advisory regarding multiple CVEs impacting BIG-IP and BIG-IQ devices and install updated software as soon as possible. CISA emphasizes that four of the CVEs involve critical remote code execution vulnerabilities, whereby an attacker could exploit these to take control of an affected system. Two related CVEs are buffer-overflow vulnerabilities. If triggered, a buffer overflow would result in a DoS attack, and – in certain situations – may allow remote code execution. To fully remediate the critical vulnerabilities, BIG-IP customers must update to a patched version as soon as possible. Read the advisory at CISA.