F5 Products Multiple Vulnerabilities

Multiple vulnerabilities were identified in F5 Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition on the targeted system.

 

Note:

No patch is currently available for CVE-2022-43680 of some of the affected products.

No patch is currently available for CVE-2023-38709 of the affected products.

 

RISK: High Risk

TYPE: Operating Systems – Networks OS

TYPE: Networks OS

Impact

  • Denial of Service

System / Technologies affected

BIG-IP (all modules)

  • 15.1.0 – 15.1.10
  • 16.1.0 – 16.1.4
  • 17.1.0 – 17.1.1

 

BIG-IP (Advanced WAF/ASM)

  • 15.1.0 – 15.1.10
  • 16.1.0 – 16.1.4
  • 17.1.0 – 17.1.1

 

BIG-IQ Centralized Management

  • 8.1.0 – 8.3.0

 

Traffix SDC

  • 5.1.0
  • 5.2.0

 

F5OS-A

  • 1.5.1 – 1.5.2
  • 1.7.0

 

F5OS0C

  • 1.6.0 – 1.6.2

 


Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

 

Apply workarounds issued by the vendor:

 

Workaround:

Reduce the vulnerability of attacks of CVE-2022-43680 by following workaround:


BIG-IP Advanced WAF/ASM

  • Do not write any custom scripts or tools using Expat. 

BIG-IQ, F5OS-C/A

  • Restrict access to the known, good source IP addresses, and allow access to only trusted users.

 

Reduce the vulnerability of attacks of CVE-2023-38709 by following workaround:

BIG-IP 

  • Block Configuration utility access through self IP addresses and the management interface .

F5OS

  • Permit management access to F5OS only over a secure network and restrict access to only trusted users. 

 


Vulnerability Identifier


Source


Related Link

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.