Security On-Demand Received Top #21 Global Ranking in the 2022 MSP501 List. See the list here

Threat Advisory: F5 Reports High Severity Vulnerabilities in Multiple Products

Threat Advisory: F5 Reports High Severity Vulnerabilities in Multiple Products

Event Summary

Multiple product vulnerabilities were reported by F5, including high, medium, and low severity risk weaknesses, involving multiple conditions that could lead an attacker to exploit F5 services installed on client premises.

Details

Product Affected Vulnerable Version CVE-CVSS Associated Risk / Details for vulnerability Recommendations
BIG-IP 13.1.0 to 17.0.0 CVE-2022-35243

CVE-2022-35728

CVE-2022-34655

CVE-2022-35245

CVE-2022-35240

CVE-2022-35236

CVE-2022-34651

CVE-2022-32455

CVE-2022-34862

CVE-2022-33203

CVE-2022-35272

CVE-2022-35735

CVE-2022-31473

CVE-2022-33962

CVE-2022-34844

CVE-2022-33947

CVE-2022-34865

CVE-2022-34851

High and medium risk vulnerabilities related to multiple attack vector and exploitation processes. Update systems with latest security patches and review specific recommendations associated with each CVE.
NGINX Instance Manager 1.0.0 – 2.0.0 CVE-2022-35241

CVE-2022-30535

Medium risk vulnerabilities related to multiple attack vector and exploitation processes. Update systems with latest security patches and review specific recommendations associated with each CVE.
BIG-IP 13.1.0 to 17.0.0 NA Attack signature security exposure. The attack signature check fails to detect and block such requests

 

SOD Actions

The Security On-Demand Threat Recon Unit will continue to monitor these events and provide relevant updates. At this time, we recommend applying vendor patches immediately.

The SOD Threat Recon Unit will also keep track of any exploitation tool or PoC (Proof of Concept) that could leverage the vulnerabilities to exploit systems actively. Additionally, the new IoCs and IoAs will be included proactively as part of the monitoring mechanism in the ThreatWatch technology on every service tier.

Please note, we have already contacted you if we have seen anything in your environment related to this vulnerability.

Please contact your Security On-Demand Customer Success Manager if you have any questions about this alert.

Resources

https://support.f5.com/csp/article/K14649763 – F5 Security Advisory

High Vulnerabilities reported:

 

Medium Vulnerabilities reported:

 

Low Vulnerabilities reported:
Security Exposure:

RECOMMENDED POSTS

High-Severity Flaws in Juniper Junos OS

(CVE-2022-22241, CVE-2022-22242, CVE-2022-22243, CVE-2022-22244, CVE-2022-22245, CVE-2022-22246) Event Summary Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices (J-Web component of Juniper Networks

Read More