JPCERT-AT-2021-0014
JPCERT/CC
2021-03-22
F5 Networks
K02566623: Overview of F5 vulnerabilities (March 2021)
https://support.f5.com/csp/article/K02566623
As for the remote command execution vulnerability in iControl REST interface (CVE-2021-22986) among these vulnerabilities, JPCERT/CC confirmed the Proof-of-Concept codes had already been made public, and also observed the information of scanning activities targeting the vulnerability and traffic which appeared to exploit this vulnerability.Users of affected products are recommended to take measures as soon as possible. For more information on the vulnerability, please refer to the information provided by F5 Networks.
F5 Networks
K03009991: iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986
https://support.f5.com/csp/article/K03009991
BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO)
- 16.x versions from 16.0.0 to 16.0.1
- 15.x versions from 15.1.0 to 15.1.2
- 14.x versions from 14.1.0 to 14.1.3
- 13.x versions from 13.1.0 to 13.1.3
- 12.x versions from 12.1.0 to 12.1.5
BIG-IQ Centralized Management
- 7.x versions 7.1.0, 7.0.0
- 6.x versions 6.0.0 to 6.1.0
BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO)
- 16.0.1.1
- 15.1.2.1
- 14.1.4
- 13.1.3.6
- 12.1.5.3
BIG-IQ Centralized Management
- 8.0.0
- 7.1.0.3, 7.0.0.2
Also, F5 Networks has provided workarounds such as access restrictions as a way to mitigate the impact caused by the vulnerability. If it is difficult to apply update, please consider applying the workarounds.
NCC Group
RIFT: Detection capabilities for recent F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986
https://research.nccgroup.com/2021/03/18/rift-detection-capabilities-for-recent-f5-big-ip-big-iq-icontrol-rest-api-vulnerabilities-cve-2021-22986/
F5 Networks
K04532512: Frequently asked questions for CVE-2021-22986, CVE-2021-22987, CVE-2021-22988, CVE-2021-22989, and CVE-2021-22990
https://support.f5.com/csp/article/K04532512
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/
JPCERT/CC
2021-03-22
I. Overview
On March 10, 2021 (Local Time), F5 Networks has released information regarding multiple vulnerabilities in BIG-IP products. An unauthenticated remote attacker leveraging these vulnerabilities may execute arbitrary code.F5 Networks
K02566623: Overview of F5 vulnerabilities (March 2021)
https://support.f5.com/csp/article/K02566623
As for the remote command execution vulnerability in iControl REST interface (CVE-2021-22986) among these vulnerabilities, JPCERT/CC confirmed the Proof-of-Concept codes had already been made public, and also observed the information of scanning activities targeting the vulnerability and traffic which appeared to exploit this vulnerability.Users of affected products are recommended to take measures as soon as possible. For more information on the vulnerability, please refer to the information provided by F5 Networks.
F5 Networks
K03009991: iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986
https://support.f5.com/csp/article/K03009991
II. Affected Products
The following products and versions are affected by the vulnerability(CVE-2021-22986):BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO)
- 16.x versions from 16.0.0 to 16.0.1
- 15.x versions from 15.1.0 to 15.1.2
- 14.x versions from 14.1.0 to 14.1.3
- 13.x versions from 13.1.0 to 13.1.3
- 12.x versions from 12.1.0 to 12.1.5
BIG-IQ Centralized Management
- 7.x versions 7.1.0, 7.0.0
- 6.x versions 6.0.0 to 6.1.0
III. Solution
F5 Networks released versions of the products addressing the vulnerability (CVE-2021-22986). Please consider updating to the versions after thorough testing.BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO)
- 16.0.1.1
- 15.1.2.1
- 14.1.4
- 13.1.3.6
- 12.1.5.3
BIG-IQ Centralized Management
- 8.0.0
- 7.1.0.3, 7.0.0.2
Also, F5 Networks has provided workarounds such as access restrictions as a way to mitigate the impact caused by the vulnerability. If it is difficult to apply update, please consider applying the workarounds.
IV. Related Information
Information has been released by the NCC Group on how to investigate whether the system has already been impacted by the exploit of the vulnerability.NCC Group
RIFT: Detection capabilities for recent F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986
https://research.nccgroup.com/2021/03/18/rift-detection-capabilities-for-recent-f5-big-ip-big-iq-icontrol-rest-api-vulnerabilities-cve-2021-22986/
V. References
F5 Networks
K04532512: Frequently asked questions for CVE-2021-22986, CVE-2021-22987, CVE-2021-22988, CVE-2021-22989, and CVE-2021-22990
https://support.f5.com/csp/article/K04532512
If you have any information regarding this alert, please contact JPCERT/CC.
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/