Dark Reading -
Enterprise organizations using F5 Networks’ BIG-IP and BIG-IQ application delivery technologies are being urged to immediately update their systems to address multiple critical vulnerabilities in the products.
Several of the vulnerabilities enable remote attackers to take complete control of the systems to execute malicious code, disable services, create or delete files, and take other malicious actions.
“Unlike previous notable F5 exploits, not all of these can be easily hand-waved away by restricting external access to the administrative interfaces known as the ‘control plane,'” says Justin Rhinehart, senior analyst at Bishop Fox. Two critical exploits disclosed this week affect the so-called data plane, which is the part responsible for handing any and all traffic going through the BIG-IP platform, he says. The only way to mitigate these exploits is by patching.
In a worst-case scenario, Rhinehart says, an attacker can use a vulnerable F5 BIG-IP appliance to break into the broader enterprise network.
The post F5 Networks Urges Customers to Update to New Versions of Its App Delivery Tech first appeared on Dark Reading.