F5 vulnerabilities (March 2021)
Incident Report for Pulsant Service
Resolved
This incident has been resolved.
Posted May 14, 2021 - 11:44 BST
Identified
On March 10th, 2021, F5 announced four critical CVEs, along with three related CVEs (two high and one medium).

The seven (7) related vulnerabilities are as follows:

K03009991: iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986
The iControl REST interface has an unauthenticated remote command execution vulnerability.

CVSS score: 9.8 (Critical)

K18132488: Appliance Mode TMUI authenticated remote command execution vulnerability CVE-2021-22987
When running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.

CVSS score: 9.9 (Critical)

K70031188: TMUI authenticated remote command execution vulnerability CVE-2021-22988
TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.

CVSS score: 8.8 (High)

K56142644: Appliance mode Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22989
When running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.

CVSS score: 8.0 (High)

K45056101: Advanced WAF/ASM TMUI authenticated remote command execution vulnerability CVE-2021-22990
On systems with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.

CVSS score: 6.6 (Medium)

K56715231: TMM buffer-overflow vulnerability CVE-2021-22991
Undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL-based access control or remote code execution (RCE).

CVSS score: 9.0 (Critical)

K52510511: Advanced WAF/ASM buffer-overflow vulnerability CVE-2021-22992
A malicious HTTP response to an Advanced WAF/BIG-IP ASM virtual server with Login Page configured in its policy may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may allow remote code execution (RCE), leading to complete system compromise.

CVSS score: 9.0 (Critical)

More information is available on the following F5 page: https://support.f5.com/csp/article/K02566623

Pulsant are working to mitigate any risk and apply appropriate patching where applicable.

Pulsant recommends that all customers who manage their own load balancers refer to the guidance detailed in the F5 article linked above.
Posted Mar 12, 2021 - 10:08 GMT
This incident affected: Threat Intelligence Alert.