F5 Bug Could Lead to Complete System Takeover

silversurfer

Level 83
Thread author
Verified
Helper
Top poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
7,298
Application delivery and networking firm F5 released a baker’s dozen of 13 fixes for high-severity bugs, including one that could lead to complete system takeover and hence is boosted to “critical” for customers that run BIG-IP in Appliance Mode, given that an attacker that holds valid credentials can bypass Appliance Mode restrictions.

F5 – maker of near-ubiquitously installed enterprise networking gear – released nearly 30 vulnerabilities for multiple devices in its August security updates.
The worst of the bunch is tracked as CVE-2021-23031 and affects BIG-IP modules Advanced WAF (Web Application Firewall) and the Application Security Manager (ASM) – specifically, the Traffic Management User Interface (TMUI).

F5 said that when the vulnerability is exploited, “an authenticated attacker with access to the Configuration utility can execute arbitrary system commands, create or delete files, and/or disable services,” potentially leading to “complete system compromise.”

CVE-2021-23031 normally entails a high rating of 8.8 severity, but that gets jacked up to 9.9 for just those customers that are using Appliance mode. The Appliance mode adds technical restrictions and is designed to meet the needs of customers in “especially sensitive sectors” by “limiting the BIG-IP system administrative access to match that of a typical network appliance and not a multi-user UNIX device.”

F5 lists a number of products that contain the affected code but aren’t vulnerable, given that attackers can’t exploit the code in default, standard or recommended configurations. F5 noted that there are a limited number of customers using it in the mode – i.e., Appliance mode – that elevates the vulnerability’s CVSSv3 severity score to 9.9 (critical).