One Article Review

Source Fortinet ThreatSignal
Identifier 4209567
Publication date 2022-02-27 20:18:23 (seen: 2022-03-01 19:05:26)
Title F5 Releases August 2021 Security Advisory Including Critical CVE-2021-23031
Text FortiGuard Labs is aware that F5 released a security advisory on August 24th about vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ. The US Cybersecurity and Infrastructure Security Agency (CISA) published an advisory the next day urging customers to apply the fixes or put necessary mitigations in place. Of the 13 vulnerabilities that are rated high by the vendor, CVE-2021-23031 is given the highest CVSS score of 8.8 out of 10 and affects BIG-IP Advanced WAF and Application Security Manager (ASM). Per the advisory, when the vulnerability is abused, "an authenticated attacker with access to the Configuration utility can execute arbitrary system commands, create or delete files, and/or disable services," which may result in the attacker gaining complete control of the system. However, the CVSS score and rating jump to 9.9 and Critical, respectively, when the products are running in Appliance mode. As Appliance mode is described as "designed to meet the needs of customers in especially sensitive sectors", CVE-2021-23031 requires additional attention and care.

When Did the Vendor Post the Advisory?
The vendor released the advisory on August 24th, 2021.

What is the Breakdown of the Advisory?
The advisory has 13 high vulnerabilities, 15 medium vulnerabilities, 1 low vulnerability and 6 security exposures affecting multiple versions of BIG-IP and BIG-IQ. However, the high rating for CVE-2021-23031 is elevated to critical when the affected products are running in Appliance mode.
For more details, see the Appendix for a link to "K50974556: Overview of F5 vulnerabilities (August 2021)".

What is the Result of Successful Exploitation of CVE-2021-23031?
Per the advisory, after successful exploitation "an authenticated attacker with access to the Configuration utility can execute arbitrary system commands, create or delete files, and/or disable services." In the worst-case scenario, the vulnerability enables the attacker to take complete control of the system.

What are the Technical Details of CVE-2021-23031?
The advisory does not offer many technical details, nor does it explain why there are two separate ratings for the vulnerability, other than that the 9.9 rating applies to "the limited number of customers using Appliance mode."
For more details, see the Appendix for a link to "K41351250: BIG-IP Advanced WAF and BIG-IP ASM vulnerability CVE-2021-23031".

What is Appliance Mode?
The following is provided by F5 regarding Appliance mode:
BIG-IP systems have the option of running in Appliance mode. Appliance mode is designed to meet the needs of customers in especially sensitive sectors by limiting the BIG-IP system administrative access to match that of a typical network appliance and not a multi-user UNIX device.
For more details, see the Appendix for a link to "K12815: Overview of Appliance mode".

How Does That Affect Overall Severity of CVE-2021-23031?
The vulnerability allows an authenticated attacker to take complete control of the system, and the CVSS score is 9.9 when the affected products are running in Appliance mode. Since Appliance mode is designed especially for sensitive sectors, the actual severity could be even higher.

What Products Are Vulnerable to CVE-2021-23031?
BIG-IP Advanced Web Application Firewall (WAF) and Application Security Manager (ASM) are vulnerable to CVE-2021-23031.

Which Versions of WAF and ASM Are Vulnerable to CVE-2021-23031?
The following versions are listed as vulnerable per F5:
16.0.0 - 16.0.1
15.1.0 - 15.1.2
14.1.0 - 14.1.4
13.1.0 - 13.1.3
12.1.0 - 12.1.5
11.6.1 - 11.6.5

Is the Vulnerability Exploited in the Wild?
At the time of this writing, FortiGuard Labs is not aware of the vulnerability being exploited in the wild.
FortiGuard Labs will continue to monitor the situation and provide updates as they become available.

Is There Any Mitigation for CVE-2021-23031?
According to the advisory, "the only mitigation is to remove access (to the Configuration utility) for users who are not completely trusted".

Has the Vendor Released Patches for the Vulnerabilities in their August 2021 Advisory?
Yes, the vendor has released patches for all vulnerabil
Sent Yes
Tags Vulnerability


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.