Security and automation vendor F5 has warned of seven patch-ASAP-grade vulnerabilities in its Big-IP network security and traffic-grooming products, plus another 14 vulns worth fixing.
An advisory dated today lists seven CVEs, four rated critical.
Most of the bugs concern TMUI – the Traffic Management User Interface that users work with to drive F5 products – and they can be exploited to achieve remote code execution, denial of service attacks, or complete device takeovers; sometimes all three. The iControl REST API that F5 offers to automate its products is also problematic.
To kick off, there's CVE-2021-22987, which scores a 9.9 on the ten-point CVSS scale of severity as it “allows authenticated users with network access to the Configuration utility, through the BIG-IP manage ..