CISA Releases Emergency Directive to Mitigate Vulnerabilities in F5 Devices

(TLP:CLEAR) ACTION MAY BE REQUIRED for utilities using F5 BIG-IP hardware devices and F5OS, BIG-IP TMOS, Virtual Edition, BIG-IP Next, BIG-IP IQ software, and BNK / CNF.

On October 15, CISA issued Emergency Directive ED 26-01: Mitigate Vulnerabilities in F5 Devices to direct Federal Civilian Executive Branch agencies to inventory F5 BIG-IP products, evaluate if the networked management interfaces are accessible from public internet, and apply newly released updates from F5…