Network admins who use equipment such as firewalls or load balancers from F5 should bring systems up to date for security reasons. If this does not happen, remote attackers could, among other things, execute their own commands on BIG-IP appliances.
Only one vulnerability (CVE-2021-23031) in Application Security Manager (ASM) and Web Application Firewall (WAF) is considered to be “critical“. But only if the appliance mode is active. If this is the case, a logged on attacker with access to the configuration tool could make extensive settings and gain full control.
Even more security holes
Most of the other vulnerabilities are with “highAuthenticated attackers with network access could attack the BIG-IP configuration tool, among other things. How an attack works is not yet known in detail. If an attack works, the system could be completely compromised.
In an overview from the manufacturer of network equipment, admins can find further details on the vulnerabilities and the available security updates.