F5 Releases Security Updates for BIG-IP Product Lines

Scheduled quarterly updates for F5 address 18 vulnerabilities and 1 security exposure

Threat ID:: CC-4197
Threat Severity:: Information only
Published:: 20 October 2022 3:24 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled quarterly updates for F5 address 18 vulnerabilities and 1 security exposure

Affected platforms

The following platforms are known to be affected:

F5 BIG-IP (All Modules)

F5 BIG-IQ

The following platforms are also known to be affected:

Since multiple F5 products are affected, please review Overview of F5 vulnerabilities (October 2022) for a full list.

Threat details

Introduction

F5 has released an overview of vulnerabilities for some of their networking products, including BIG-IP and BIG-IQ Centralized Management. A security exposure and 18 vulnerabilities are addressed in the advisory, with 12 rating as High impact, 5 as Medium impact, and 1 as Low impact. These vulnerabilities include executing arbitrary code, causing a denial-of-service (DoS) condition, and escalating privileges.

An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.

Remediation advice

Affected organisations are encouraged to review K30425568: Overview of F5 vulnerabilities (October 2022) and apply any relevant updates or mitigations.

Definitive source of threat updates