TTCSIRT-320.07.06.20: TT-CSIRT ADVISORY- F5 BIG-IP VULNERABILITY

The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.

This vulnerability allows unauthenticated attackers, or authenticated users, with network access to the TMUI through the BIG-IP management port and/or Self IPs, to execute arbitrary system commands, create or delete files, disable services, and/or execute arbitrary Java code.

This vulnerability may result in complete system compromise.

The BIG-IP system in Appliance mode is also vulnerable.

This issue is not exposed on the data plane; only the control plane is affected.

The Trinidad and Tobago Cyber Security Incident Response Team (TTCSIRT) encourages users and administrators to review and apply the necessary updates by visiting the following link, which lists the known vulnerable versions and the mitigating fixes in the Security Advisory Status section of the article:

https://support.f5.com/csp/article/K52145254