
Rewterz Threat Advisory – Multiple F5 BIG-IP Vulnerabilities

August 25, 2021

Severity

High

Analysis Summary

CVE-2021-23025

F5 BIG-IP could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a flaw in the Configuration utility. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.

CVE-2021-23026

F5 BIG-IP and BIG-IQ Centralized Management are vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the control plane. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVE-2021-23027

F5 BIG-IP is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2021-23028

F5 BIG-IP (Advanced WAF and ASM) is vulnerable to a denial of service, caused by a flaw when JSON content profiles are configured for URLs as part of a security policy. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the bd process to terminate, resulting in a denial of service condition.

CVE-2021-23029


F5 BIG-IP (Advanced WAF and ASM) is vulnerable to server-side request forgery, caused by improper permission validation. By using a specially crafted argument, an attacker could exploit this vulnerability to conduct an SSRF attack.

CVE-2021-23030


F5 BIG-IP (Advanced WAF, ASM) is vulnerable to a denial of service, caused by a flaw when a WebSocket profile is configured on a virtual server. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to cause the bd process to terminate, resulting in a denial of service condition.

CVE-2021-23031


F5 BIG-IP (Advanced WAF and ASM) could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the TMUI. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to access the Configuration utility that can execute arbitrary system commands.

CVE-2021-23032


F5 BIG-IP (DNS) is vulnerable to a denial of service, caused by a flaw when a BIG-IP DNS system is configured with non-default Wide IP and pool settings. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate.

CVE-2021-23039


F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when IPSec is configured. By sending specially-crafted requests, a remote authenticated attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, resulting in a denial of service condition.

CVE-2021-23040


F5 BIG-IP (AFM) is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to the Configuration utility, which could allow the attacker to view, add, modify or delete information in the back-end database.

CVE-2021-2341


F5 BIG-IP is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Configuration utility. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

  • Denial of Service
  • Cross-Site Scripting
  • Unauthorized Access
  • Privilege Escalation
  • Data Manipulation

Affected Vendors

F5

Affected Products

F5 BIG-IP (ASM) 14.1.0
F5 BIG-IP (ASM) 13.1.0
F5 BIG-IP (ASM) 13.1.3
F5 BIG-IP (ASM) 15.1.0
F5 BIG-IP 15.1.0
F5 BIG-IP 11.5.3
F5 BIG-IP 14.1.0
F5 BIG-IP 16.0.0
F5 BIG-IP 11.6.1
F5 BIG-IP 12.1.0
F5 BIG-IP 13.1.0
F5 BIG-IQ Centralized Management 6.0.0
F5 BIG-IP 15.0.0
F5 BIG-IP (Advanced WAF) 16.0.0
F5 BIG-IP (ASM) 16.0.0
F5 BIG-IP (Advanced WAF) 16.0.1
F5 BIG-IP (ASM) 16.0.1
F5 BIG-IP (ASM) 12.1.0
F5 BIG-IP (DNS) 12.1.0
F5 BIG-IP (DNS) 13.1.0
F5 BIG-IP (DNS) 14.1.0
F5 BIG-IP (DNS) 15.1.0
F5 BIG-IP 14.1.2
F5 BIG-IP (AFM) 15.1.0
F5 BIG-IP (AFM) 14.1.0
F5 BIG-IP (AFM) 13.1.0
F5 BIG-IP (AFM) 13.1.3

Remediation

Refer to F5 BIG-IP command execution for patch, upgrade, or suggested workaround information.

https://support.f5.com/csp/article/K55543151

Refer to F5 BIG-IP and BIG-IQ Centralized Management for patch, upgrade or suggested workaround information.

https://support.f5.com/csp/article/K53854428

Refer to F5 BIG-IP for patch, upgrade or suggested workaround information.

https://support.f5.com/csp/article/K24301698

Refer to F5 BIG-IP (Advanced WAF and ASM) for patch, upgrade or suggested workaround information.

https://support.f5.com/csp/article/K00602225

Refer to F5 BIG-IP (Advanced WAF and ASM) for patch, upgrade or suggested workaround information.

https://support.f5.com/csp/article/K52420610

Refer to F5 BIG-IP (Advanced WAF and ASM) for patch, upgrade or suggested workaround information.

https://support.f5.com/csp/article/K42051445

Refer to F5 BIG-IP (Advanced WAF and ASM) for patch, upgrade or suggested workaround information.

https://support.f5.com/csp/article/K41351250

Refer to F5 BIG-IP (DNS) for patch, upgrade or suggested workaround information.

https://support.f5.com/csp/article/K45407662

Refer to F5 BIG-IP for patch, upgrade or suggested workaround information.

https://support.f5.com/csp/article/K66782293

Refer to F5 BIG-IP (AFM) for patch, upgrade or suggested workaround information.

https://support.f5.com/csp/article/K94255403

Refer to F5 BIG-IP for patch, upgrade or suggested workaround information.

https://support.f5.com/csp/article/K42526507
