F5 zero day vulnerabilities being targeted by several threat actors
THREAT LEVEL: RED
Seven zero-day vulnerabilities have been discovered in the F5 products BIG-IP, BIG-IQ and BIG-IP Advanced WAF/ASM. According to the F5 group and Cyber Center, exploits for these vulnerabilities are currently unavailable. However, the Hive Pro Threat Research team has observed several threat activities and communication around these vulnerabilities, and users are therefore advised to upgrade their product versions.
Vulnerability Details
- iControl REST unauthenticated remote command execution vulnerability: CVE-2021-22986
- Appliance Mode TMUI authenticated remote command execution vulnerability: CVE-2021-22987
- TMUI authenticated remote command execution vulnerability: CVE-2021-22988
- Appliance mode Advanced WAF/ASM TMUI authenticated remote command execution vulnerability: CVE-2021-22989
- Advanced WAF/ASM TMUI authenticated remote command execution vulnerability: CVE-2021-22990
- TMM buffer-overflow vulnerability: CVE-2021-22991
- Advanced WAF/ASM buffer-overflow vulnerability: CVE-2021-22992
Affected Product: BIG-IP, BIG-IQ, BIG-IP Advanced WAF/ASM
Affected Versions:
- BIG-IP: 16.0.0-16.0.1
- BIG-IP: 15.1.0-15.1.2
- BIG-IP: 14.1.0-14.1.3.1
- BIG-IP: 13.1.0-13.1.3.5
- BIG-IP: 12.1.0-12.1.5.2
- BIG-IP: 11.6.1-11.6.5.2
- BIG-IQ: 7.1.0-7.1.0.2
- BIG-IQ: 7.0.0-7.0.0.1
- BIG-IQ: 6.0.0-6.1.0
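An added example (not part of the advisory, and not F5 or Hive Pro code): a version-range check over the affected versions listed above, for triaging an asset inventory. The hostnames and the sample inventory are constructed, and the check compares version numbers only, so results should be confirmed against the F5 advisories.

```python
import re

# Affected ranges as listed in this advisory; both bounds are inclusive.
AFFECTED = {
    "BIG-IP": [("16.0.0", "16.0.1"), ("15.1.0", "15.1.2"), ("14.1.0", "14.1.3.1"),
               ("13.1.0", "13.1.3.5"), ("12.1.0", "12.1.5.2"), ("11.6.1", "11.6.5.2")],
    "BIG-IQ": [("7.1.0", "7.1.0.2"), ("7.0.0", "7.0.0.1"), ("6.0.0", "6.1.0")],
}

def parse_version(text):
    """Turn '14.1.3.1' (or a build string like '14.1.2-0.0.37') into a comparable tuple."""
    parts = re.split(r"[.-]", text.strip())
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:  # treat 16.0.1.0 the same as 16.0.1
        nums.pop()
    return tuple(nums)

def status(product, version):
    """Return 'affected', 'not-listed', or 'review' for one inventory entry."""
    key = re.sub(r"[\s_]+", "-", product.strip().upper())  # 'BIG IQ' -> 'BIG-IQ'
    ranges = AFFECTED.get(key)
    if ranges is None:
        return "review"  # product not covered by this table: check by hand
    try:
        v = parse_version(version)
    except ValueError:
        return "review"  # malformed version string: do not guess
    for lo, hi in ranges:
        if parse_version(lo) <= v <= parse_version(hi):
            return "affected"
    return "not-listed"

def triage(inventory):
    """Map (host, product, version) rows to (host, status) rows."""
    return [(host, status(product, version)) for host, product, version in inventory]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("lb-edge-01", "BIG-IP", "14.1.3.1"),
    ("lb-edge-02", "BIG-IP", "14.1.4"),
    ("lb-core-01", "big-ip", "16.0.1.0"),
    ("mgmt-01", "BIG IQ", "7.0.0.1"),
    ("mgmt-02", "BIG-IQ", "7.1.0.3"),
    ("lb-lab-01", "BIG-IP", "15.1.x"),
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE):
        print(f"{host:12} {result}")
```

Entries reported as `review` are the ones the table cannot decide (unknown product name or malformed version) and need a manual check.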
Affected CPE:
Threat Actors
Name: Pioneer Kitten
- Known as: PARISITE, UNC757, Fox Kitten
- Origin: Iran
- Targeted Industry: Academic, Aviation, Chemicals, Consulting & Professional Services, Defense, Financial Services, Government, Healthcare, Industrials and Engineering, Insurance, Manufacturing, Media, Opportunistic, Retail, Technology
- Targeted Location: Israel, Middle East North Africa (MENA), North America, United States
Name: Energetic Bear
- Known as: Havex, Dragonfly, Crouching Yeti
- Origin: Russian Federation
- Targeted Industry: Academic, Aerospace, Energy, Financial Services, Government, Healthcare, Industrials and Engineering, Technology
- Targeted Location: Azerbaijan, Belgium, China, Croatia, Czech Republic, France, Germany, Greece, Israel, Italy, Poland, Romania, Russian Federation, Serbia, Spain, Taiwan, United Kingdom, United States
Name: Anonymous Group
- Targeted Location: Myanmar/Burma, United States, Russia, Uganda, United Kingdom, Malaysia, Ukraine, China, Senegal, Syria, Israel, Hong Kong, Colombia, Gabon, Switzerland, Brazil, Spain, North Korea, Taiwan, Greece, Iran, Turkey, Mexico
Reference Advisories
- https://support.f5.com/csp/article/K02566623
- https://support.f5.com/csp/article/K03009991
- https://support.f5.com/csp/article/K18132488
- https://support.f5.com/csp/article/K70031188
- https://support.f5.com/csp/article/K56142644
- https://support.f5.com/csp/article/K45056101
- https://support.f5.com/csp/article/K56715231
- https://support.f5.com/csp/article/K52510511