mickmick.net

F5 Products Multiple Vulnerabilities

Release Date: 8 Dec 2022

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in F5 Products. A remote attacker could exploit some of these vulnerabilities to trigger data manipulation, denial of service condition and information disclosure on the targeted system.

 

---

Impact

• Denial of Service
• Information Disclosure
• Data Manipulation

---

System / Technologies affected

BIG-IP

• 17.0.0
• 16.1.0 - 16.1.3
• 15.1.0 - 15.1.8
• 14.1.0 - 14.1.5
• 13.1.0 - 13.1.5

 

BIG-IQ Centralized Management

• 8.0.0 - 8.2.0
• 7.1.0

 

Traffix SDC

• 5.1.0

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://support.f5.com/csp/article/K35253541
• https://support.f5.com/csp/article/K71522481

---

Vulnerability Identifier

• CVE-2020-14779
• CVE-2020-14781
• CVE-2020-14782
• CVE-2020-14797
• CVE-2021-2163

---

Source

• AusCERT
• F5

---

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.6364
• https://www.auscert.org.au/bulletins/ESB-2022.6368
• https://support.f5.com/csp/article/K35253541
• https://support.f5.com/csp/article/K71522481