Skip to main content

Security vendor F5 discovers critical vulnerabilities in its products

security
(Image credit: Shutterstock / Song_about_summer)

Cybersecurity company F5 has identfied seven vulnerabilities affecting its products, the company confirmed in a blog post.

As reported by SC Magazine, F5 revealed that its BIG-IP and BIG-IQ network devices suffer from vulnerabilities in the iControl REST interface and Traffic Management User Interface, as well as two buffer overflow vulnerabilities. 

Of the seven flaws identified, six have a severity score of 8/10 or higher, as per the Common Vulnerability Scoring System, while four were classified as critical (with scores between 9.0 and 9.9).

All seven vulnerabilities have been addressed and F5 has urged all affected customers to apply the relevant patches as soon as possible.

“The bottom line is that they affect all BIG-IP and BIG-IQ customers and instances – we urge all customers to update their BIG-IP and BIG-IQ deployments to the fixed versions as soon as possible,” wrote Kara Sprague, SVP and GM of F5’s Big-IP products.

Further analyzing the vulnerabilities, F5 security architect Jason Rahm said they aren’t exactly trivial to exploit, but added that “not all of them have a practical mitigation”.

This is the second time in a year that F5’s BIG-IP range is under the spotlight for all the wrong reasons. Last July, it was reported that cybercriminals were trying to exploit a vulnerability in the devices to install cryptocurrency miners and IoT malware.

  • Stay safe online with the best VPN services