F5, CISA Warn of Critical BIG-IP and BIG-IQ RCE Bugs
F5 Networks has warned users to patch four critical remote command execution (RCE) flaws. The company released an advisory detailing seven vulnerabilities, four of which are critical, two that represent a high risk, and one rated medium risk. The four critical flaws lie in F5’s BIG-IP and BIG-IQ enterprise networking infrastructure. They can be exploited to allow for unauthorized access to administrative privileges, granting attackers full control over a vulnerable system. Individuals utilizing either of the enterprise networking infrastructure tools should implement the patches immediately to avoid cybersecurity risks.
The company posted the advisory to its website, alongside sharing the fixed version of the applications to its customers. The situation is urgent for larger companies using BIG-IP and BIG-IQ due to the fact that F5 services some of the largest tech companies in the world, including Facebook, Microsoft, Oracle. F5 also provides networking offerings to several Fortune 500 companies, including major financial institutions and ISPs. The Cybersecurity and Infrastructure Security Agency also released a warning, urging all companies to update to the latest version of the software immediately.