Friday, April 25, 2025
HomeCVE/vulnerabilityF5 BIG-IP Flaw Let Hackers Execute Arbitrary System Commands

F5 BIG-IP Flaw Let Hackers Execute Arbitrary System Commands

Published on

SIEM as a Service

Follow Us on Google News

F5 Networks have addressed critical vulnerabilities in its BIG-IP networking device. The vulnerability tracked as CVE-2021-23031 is a privilege escalation issue on BIG-IP Advanced Web Application Firewall (WAF) and Application Security Manager (ASM) Traffic Management User Interface (TMUI).

BIG-IP Flaw

According to the security advisory, when this vulnerability is exploited, an authenticated attacker with access to the Configuration utility can execute arbitrary system commands, create or delete files, and/or disable services.

Similarly, this flaw may result in complete system compromise. BIG-IP systems have the option of running in Appliance mode.

- Advertisement - Google News

This appliance mode is designed to meet the needs of customers in, particularly sensitive sectors by limiting the BIG-IP system administrative access to match that of a typical network appliance and not a multi-user UNIX device.

The flaw has a severity score of 8.8, nevertheless, the security advisory says, for customers using the Appliance Mode, applies some technical restrictions, the severity score raises to 9.9 out of 10.

Also, only a limited number of customers are impacted by the issue in a critical mode.

“The limited number of customers using Appliance mode have Scope: Changed, which raises the CVSSv3 score to 9.9”, reads the security advisory.

ProductBranchVersions known to be vulnerable1Fixes introduced inSeverityCVSSv3 score2Vulnerable component or feature
BIG-IP (Advanced WAF and ASM)16.x16.0.0 – 16.0.116.1.0
16.0.1.2

High — Critical – Appliance mode only3

8.89.93
TMUI/Configuration utility
15.x15.1.0 – 15.1.215.1.3
14.x14.1.0 – 14.1.414.1.4.1
13.x13.1.0 – 13.1.313.1.4
12.x12.1.0 – 12.1.512.1.6
11.x11.6.1 – 11.6.511.6.5.3
BIG-IP (all other modules)16.xNoneNot applicableNot vulnerableNoneNone
15.xNoneNot applicable
14.xNoneNot applicable
13.xNoneNot applicable
12.xNoneNot applicable
11.xNoneNot applicable
BIG-IQ Centralized Management8.xNoneNot applicableNot vulnerable4NoneNone
7.xNoneNot applicable
6.xNoneNot applicable
F5OS1.xNoneNot applicableNot vulnerableNoneNone
Traffix SDC5.xNoneNot applicableNot vulnerableNoneNone

 List of Issues Addressed by F5

F5 mentions that users can eliminate this vulnerability by installing a version listed in the Fixes column.

F5 addressed 30 high-severity vulnerabilities in multiple products, which include authenticated remote command execution flaws, cross-site scripting (XSS) issues, request forgery issues, insufficient permission, and denial-of-service flaws.

Mitigation

F5 states that the only mitigation is to remove access for users who are not completely trusted since this attack is conducted by legitimate and authenticated users.

  • Block Configuration utility access through self IP addresses.
  • Block Configuration utility access through the management interface These mitigations restrict access to the Configuration utility to only trusted networks or devices, thereby limiting the attack surface.
Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Microsoft Defender XDR False Positive Leaked Massive 1,700+ Sensitive Documents to Publish

An alarming data leak involving Microsoft Defender XDR has exposed more than 1,700 sensitive...

‘SessionShark’ – A New Toolkit Bypasses Microsoft Office 365 MFA Security

Security researchers have uncovered a new and sophisticated threat to Microsoft Office 365 users:...

Hackers Exploit MS-SQL Servers to Deploy Ammyy Admin for Remote Access

A sophisticated cyberattack campaign has surfaced, targeting poorly managed Microsoft SQL (MS-SQL) servers to...

New Report Reveals How AI is Rapidly Enhancing Phishing Attack Precision

The Zscaler ThreatLabz 2025 Phishing Report unveils the alarming sophistication of modern phishing attacks,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Microsoft Defender XDR False Positive Leaked Massive 1,700+ Sensitive Documents to Publish

An alarming data leak involving Microsoft Defender XDR has exposed more than 1,700 sensitive...

‘SessionShark’ – A New Toolkit Bypasses Microsoft Office 365 MFA Security

Security researchers have uncovered a new and sophisticated threat to Microsoft Office 365 users:...

Hackers Exploit MS-SQL Servers to Deploy Ammyy Admin for Remote Access

A sophisticated cyberattack campaign has surfaced, targeting poorly managed Microsoft SQL (MS-SQL) servers to...