F5 Products Multiple Vulnerabilities

Release Date: 6 Feb 2025

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in F5 Products, attacker can exploit this vulnerability to trigger remote code execution, denial of service condition, sensitive information disclosure and security restriction bypass on the targeted system.

Impact

Information Disclosure
Denial of Service
Security Restriction Bypass
Remote Code Execution

System / Technologies affected

BIG-IP (all modules)

15.1.0 - 15.1.10
16.1.0 - 16.1.5
17.1.0 - 17.1.2

BIG-IP (PEM)

15.1.0 - 15.1.10
16.1.0 - 16.1.4
17.1.0 - 17.1.1

BIG-IP (ASM)

15.1.0 - 15.1.10
16.1.0 - 16.1.4
17.1.0 - 17.1.1

BIG-IP (AFM)

15.1.0 - 15.1.10
16.1.0 - 16.1.5
17.1.0 - 17.1.1

BIG-IP (APM)

15.1.0 - 15.1.10
16.1.0 - 16.1.4
17.1.0 - 17.1.1

BIG-IP Next SPK

1.7.0 - 1.7.6
1.8.0 - 1.8.2
1.9.0

BIG-IP Next Central Manager

20.2.0 - 20.2.1

BIG-IP Next CNF

1.1.0 - 1.3.3

NGINX Plus

R28 - R33

NGINX Open Source

1.11.4 - 1.27.3

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

2025年2月6日星期四