As part of our ongoing security vulnerability management practices, today F5 announced several vulnerabilities and fixes for both BIG-IP and BIG-IQ. The bottom line is that they affect all BIG-IP and BIG-IQ customers and instances—we urge all customers to update their BIG-IP and BIG-IQ deployments to the fixed versions as soon as possible.
The four critical vulnerabilities in the announcement affect BIG-IP versions 11.6 or 12.x and newer, with one of these critical vulnerabilities also affecting BIG-IQ versions 6.x and 7.x. In addition, seven high-severity vulnerabilities and ten medium-severity vulnerabilities are included in the announcement.
These vulnerabilities were discovered as a result of regular and continuous internal security testing of our solutions and in partnership with respected third parties working through F5’s security program. Because we understand how critical BIG-IP and BIG-IQ are to our customers, as soon as these vulnerabilities were discovered, we immediately began work on fixes, and we published the security advisories as soon as we could supply our customers with fixed versions.
F5 remains fully committed to equipping our customers and the cybersecurity community at large with information about vulnerabilities to strengthen our collective defenses against cyberattacks. We have comprehensive security practices—including secure training and frameworks, testing, internal and external auditing, and vulnerability management and disclosure—across the company, which we are continuously enhancing to meet ever-evolving cybersecurity threats.
We further strengthen our security measures through close collaboration with partners who regularly perform diligence on and test our systems. Finally, we continually review our processes and procedures—in consultation with third parties—to identify opportunities to further improve our products and security practices.
Next steps
We strongly recommend that all customers update their BIG-IP and BIG-IQ deployments to a fixed version as soon as possible—this is the only way to fully address the vulnerabilities. If you cannot update your systems immediately, we advise you to apply any additional mitigation recommendations detailed in the security advisories while developing a plan to complete the updates. Additional resources on the vulnerabilities and the steps you should take to remediate your exposure are available at the F5 vulnerability response site:
Our support teams are available to provide guidance and resources to customers across the globe, so don't hesitate to contact them for help. You can also subscribe to notifications for software releases, security alerts, and other important updates.
The trust you place in F5 to handle the security and delivery of your most important assets—your applications—is not something we take lightly. We understand vulnerability remediation can be disruptive to your business. We’re committed to helping you efficiently update your BIG-IP and BIG-IQ systems to the latest, most secure, and best-performing versions—so that you can continue doing what you do best: serving your own customers.