
Security vendor F5 discovers critical vulnerabilities in its products

Cybersecurity company F5 has identified seven vulnerabilities affecting its products, the company confirmed in a blog post.

As reported by SC Magazine, F5 revealed that its BIG-IP and BIG-IQ network devices suffer from vulnerabilities in the iControl REST interface and Traffic Management User Interface, as well as two buffer overflow vulnerabilities.

Of the seven flaws identified, six have a severity score of 8/10 or higher, as per the Common Vulnerability Scoring System, while four were classified as critical (with scores between 9.0 and 9.9).

All seven vulnerabilities have been addressed and F5 has urged all affected customers to apply the relevant patches as soon as possible.

“The bottom line is that they affect all BIG-IP and BIG-IQ customers and instances – we urge all customers to update their BIG-IP and BIG-IQ deployments to the fixed versions as soon as possible,” wrote Kara Sprague, SVP and GM of F5’s BIG-IP products.

Further analyzing the vulnerabilities, F5 security architect Jason Rahm said they aren’t exactly trivial to exploit, but added that “not all of them have a practical mitigation”.

This is the second time in a year that F5’s BIG-IP range has been in the spotlight for all the wrong reasons. Last July, it was reported that cybercriminals were trying to exploit a vulnerability in the devices to install cryptocurrency miners and IoT malware.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.