Rewterz Threat Advisory – ICS – Delta Electronics TPEditor Vulnerability
August 25, 2021Rewterz Threat Alert – APT10 MenuPass – Active IOCs
August 25, 2021Rewterz Threat Advisory – ICS – Delta Electronics TPEditor Vulnerability
August 25, 2021Rewterz Threat Alert – APT10 MenuPass – Active IOCs
August 25, 2021Severity
High
Analysis Summary
CVE-2021-23025
F5 BIG-IP could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the Configuration utility. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVE-2021-23026
F5 BIG-IP and BIG-IQ Centralized Management are vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the control plane. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVE-2021-23027
F5 BIG-IP is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2021-23028
F5 BIG-IP (Advanced WAF and ASM) is vulnerable to a denial of service, caused by a flaw when JSON content profiles are configured for URLs as part of security policy. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the bd process to terminate, and results in a denial of service condition.
CVE-2021-23029
F5 BIG-IP (Advanced WAF and ASM) are vulnerable to server-side request forgery, caused by improper permission validation. By using a specially crafted argument, an attacker could exploit this vulnerability to conduct SSRF attack.
CVE-2021-23030
F5 BIG-IP (Advanced WAF, ASM) are vulnerable to a denial of service, caused by a flaw when a WebSocket profile is configured on a virtual server. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the bd process to terminate, and results in a denial of service condition.
CVE-2021-23031
F5 BIG-IP (Advanced WAF and ASM) could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the TMUI. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to access the Configuration utility that can execute arbitrary system commands.
CVE-2021-23032
F5 BIG-IP (DNS) is vulnerable to a denial of service, caused by a flaw when a BIG-IP DNS system is configured with non-default Wide IP and pool settings. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.
CVE-2021-23039
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when IPSec is configured. By sending specially-crafted requests, a remote authenticated attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, and results in a denial of service condition.
CVE-2021-23040
F5 BIG-IP (AFM) is vulnerable to SQL injection. A remote authent9icated attacker could send specially-crafted SQL statements to the Configuration utility, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2021-2341
F5 BIG-IP is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Configuration utility. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Impact
- Denial of Services
- Cross-SIte Scripting
- Unauthorized Access
- Privilege Escalation
- Data Manipulation
Affected Vendors
F5
Affected Products
F5 BIG-IP (ASM) 14.1.0
F5 BIG-IP (ASM) 13.1.0
F5 BIG-IP (ASM) 13.1.3
F5 BIG-IP (ASM) 15.1.0
F5 BIG-IP 15.1.0
F5 BIG-IP 11.5.3
F5 BIG-IP 14.1.0
F5 BIG-IP 16.0.0
F5 BIG-IP 11.6.1
F5 BIG-IP 12.1.0
F5 BIG-IP 13.1.0
F5 BIG-IQ Centralized Management 6.0.0
F5 BIG-IP 15.0.0
F5 BIG-IP (Advanced WAF) 16.0.0
F5 BIG-IP (ASM) 16.0.0
F5 BIG-IP (Advanced WAF) 16.0.1
F5 BIG-IP (ASM) 16.0.1
F5 BIG-IP (ASM) 12.1.0
F5 BIG-IP (DNS) 12.1.0
F5 BIG-IP (DNS) 13.1.0
F5 BIG-IP (DNS) 14.1.0
F5 BIG-IP (DNS) 15.1.0
F5 BIG-IP 14.1.2
F5 BIG-IP (AFM) 15.1.0
F5 BIG-IP (AFM) 14.1.0
F5 BIG-IP (AFM) 13.1.0
F5 BIG-IP (AFM) 13.1.3
Remediation
Refer to F5 BIG-IP command execution for patch, upgrade, or suggested workaround information.
https://support.f5.com/csp/article/K55543151
Refer to F5 BIG-IP and BIG-IQ Centralized Management for patch, upgrade or suggested workaround information.
https://support.f5.com/csp/article/K53854428
Refer to F5 BIG-IP for patch, upgrade or suggested workaround information.
https://support.f5.com/csp/article/K24301698
Refer toF5 BIG-IP (Advanced WAF and ASM) for patch, upgrade or suggested workaround information.
https://support.f5.com/csp/article/K00602225
Refer to F5 BIG-IP (Advanced WAF and ASM) for patch, upgrade or suggested workaround information.
https://support.f5.com/csp/article/K52420610
Refer to F5 BIG-IP (Advanced WAF and ASM) for patch, upgrade or suggested workaround information.
https://support.f5.com/csp/article/K42051445
Refer to F5 BIG-IP (Advanced WAF and ASM) for patch, upgrade or suggested workaround information.
https://support.f5.com/csp/article/K41351250
Refer to F5 BIG-IP (DNS) for patch, upgrade or suggested workaround information.
https://support.f5.com/csp/article/K45407662
Refer to F5 BIG-IP for patch, upgrade or suggested workaround information.
https://support.f5.com/csp/article/K66782293
Refer to F5 BIG-IP (AFM) for patch, upgrade or suggested workaround information.
https://support.f5.com/csp/article/K94255403
Refer to F5 BIG-IP for patch, upgrade or suggested workaround information.