F5 BIG-IP and BIG-IQ | Critical Security Bugs

F5 Releases Critical Security Patches for BIG-IP and BIG-IQ Devices

Enterprise security and network appliance vendor F5 has released patches for more than two dozen security vulnerabilities affecting multiple versions of BIG-IP and BIG-IQ devices that could potentially allow an attacker to perform a wide range of malicious actions, including accessing arbitrary files, escalating privileges, and executing JavaScript code.

The other major vulnerabilities resolved by F5 are listed below:

    CVE-2021-23025 (CVSS score: 7.2) - Authenticated remote command execution vulnerability in BIG-IP Configuration utility
    CVE-2021-23026 (CVSS score: 7.5) - Cross-site request forgery (CSRF) vulnerability in iControl SOAP
    CVE-2021-23027 and CVE-2021-23037 (CVSS score: 7.5) - TMUI DOM-based and reflected cross-site scripting (XSS) vulnerabilities
    CVE-2021-23028 (CVSS score: 7.5) - BIG-IP Advanced WAF and ASM vulnerability
    CVE-2021-23029 (CVSS score: 7.5) - BIG-IP Advanced WAF and ASM TMUI vulnerability
    CVE-2021-23030 and CVE-2021-23033 (CVSS score: 7.5) - BIG-IP Advanced WAF and ASM WebSocket vulnerabilities
    CVE-2021-23032 (CVSS score: 7.5) - BIG-IP DNS vulnerability
    CVE-2021-23034, CVE-2021-23035, and CVE-2021-23036 (CVSS score: 7.5) - Traffic Management Microkernel vulnerabilities