Patchday: F5 patches vulnerabilities in BIG IP and Nginx

0
34
patchday f5 patches vulnerabilities in big ip and nginx.jpg
patchday f5 patches vulnerabilities in big ip and nginx.jpg

F5 delivers software updates to close 21 security vulnerabilities. Most high-risk bugs affect the vendor’s BIG-IP systems.

 

For patch day in August, the network specialist F5 will be delivering bug fixes for 21 vulnerabilities. The US cyber security authority CISA warns that registered attackers could take control of vulnerable systems through some of the gaps. IT admins of BIG-IP and Nginx systems should take action and install the updates.

 

Overall, F5 lists twelve vulnerabilities with a risk rating of “high”. They all affect the company’s BIG-IP systems and the central management software BIG-IQ. This could allow attackers with privileged access to take over systems, or exploit denial-of-service vulnerabilities to cripple unattended malicious actors.

The manufacturer classifies a further eight vulnerabilities in BIG-IP, BIG-IQ and Nginx as medium threats. In addition, there is only a low risk of a gap in BIG-IP through which attackers with privileged server access could read data.

The vulnerabilities affect the following program versions:

BIG-IP 17.0.0, 16.1.0 – 16.1.3, 15.1.0 – 15.1.6, 14.1.0 – 14.1.5, 13.1.0 – 13.1.5
BIG IQ 8.0.0 – 8.1.0, 7.0.0 – 7.1.0
Ngnix Instance Manager 2.0.0 – 2.3.0, 1.0.0 – 1.0.4
Nginx Ingress Controller 2.0.0 – 2.2.0, 1.0.0 – 1.12.4

Numerous sub-versions receive their own updates to fix the bugs. However, BIG-IP 13 and older versions will not receive an update. Here administrators have to migrate to a newer software branch. According to the security advisory from F5, two medium-severity DoS vulnerabilities in BIG-IQ 8.0.0 to 8.2.0 remain unfixed.

Since cybercriminals regularly target vulnerabilities in F5 systems immediately, IT managers should quickly download and install the available updates.

SEE ALSO  This mobile is a bargain in Spain: Motorola G04 for 129 euros with 128 GB of memory