QID 375881

Date Published: 2021-09-27

QID 375881: F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) iControl SOAP Vulnerability (K53854428)

F5 BIG-IP ASM (Application Security Manager) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments.
F5 BIG-IP Local Traffic Manager (LTM) is the most popular module offered on the F5 Networks BIG-IP platform. The real power of the LTM is that it is a full proxy, allowing you to augment client-side and server-side connections while making informed load-balancing decisions based on availability, performance, and persistence.
F5 BIG-IP Access Policy Manager (APM) is a secure, flexible, high-performance solution that provides unified global access to your network, cloud, and applications.

BIG-IP and BIG-IQ are vulnerable to cross-site request forgery (CSRF) attacks through iControl SOAP. (CVE-2021-23026)

Vulnerable Component: BIG-IP ASM, APM, LTM

Affected Versions:
16.0.0 - 16.0.1.1
15.1.0 - 15.1.2
14.1.0 - 14.1.4.1
13.1.0 - 13.1.4
12.1.0 - 12.1.6
11.6.1 - 11.6.5

QID Detection Logic (Authenticated):
This QID checks for vulnerable versions of F5 BIG-IP devices by reading the installed version with the tmsh command and comparing it against the affected version ranges listed above.
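The following is an added example of the version-comparison step, written for this page and not Qualys's own detection code. It assumes the output layout of tmsh show sys version (the sample below is constructed, not captured from a device) and uses only the affected ranges listed above; any BIG-IP version outside those ranges, including point releases above a range's upper bound, is reported as not affected.

```python
import re

# Affected version ranges (inclusive) as listed for this QID / K53854428.
AFFECTED_RANGES = [
    ("16.0.0", "16.0.1.1"),
    ("15.1.0", "15.1.2"),
    ("14.1.0", "14.1.4.1"),
    ("13.1.0", "13.1.4"),
    ("12.1.0", "12.1.6"),
    ("11.6.1", "11.6.5"),
]

# Constructed sample of "tmsh show sys version" output (assumed layout, not a real capture).
SAMPLE_TMSH_OUTPUT = """\
Sys::Version
Main Package
  Product     BIG-IP
  Version     15.1.2
  Build       0.0.9
  Edition     Final
  Date        Tue Nov 10 10:24:33 PST 2020
"""


def parse_version(version: str) -> tuple:
    """Turn a dotted version such as '15.1.2' into a 4-tuple (15, 1, 2, 0).

    Padding with zeros makes '15.1.2' compare below '15.1.2.1', so a point
    release above a range's upper bound is correctly treated as outside it.
    """
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(version: str) -> bool:
    """Return True if the version falls inside any affected range (inclusive)."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in AFFECTED_RANGES)


def version_from_tmsh(output: str) -> str:
    """Extract the 'Version' field from tmsh show sys version output.

    The anchored regex skips the 'Sys::Version' header and only matches the
    indented 'Version  <x.y.z>' line of the Main Package block.
    """
    match = re.search(r"^\s*Version\s+(\d+(?:\.\d+){1,3})\s*$", output, re.MULTILINE)
    if not match:
        raise ValueError("no Version field found in tmsh output")
    return match.group(1)


def assess(output: str) -> dict:
    """Combine both steps: parse the version, then classify it."""
    version = version_from_tmsh(output)
    return {"version": version, "affected": is_affected(version)}


if __name__ == "__main__":
    result = assess(SAMPLE_TMSH_OUTPUT)
    status = "AFFECTED" if result["affected"] else "not affected"
    print(f"BIG-IP {result['version']}: {status} by K53854428")
```

On a real device the output would come from running tmsh show sys version over an authenticated session; the example only shows the offline comparison logic so it can be checked against the ranges on this page.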

An attacker may trick authenticated users into performing critical actions. This vulnerability can only be exploited through the control plane and cannot be exploited through the data plane. Exploitation can lead to complete system compromise.

  • CVSS V3 rated as Critical - 8.8 severity.
  • CVSS V2 rated as High - 6.8 severity.

Solution
The vendor has released a patch; for more information, see K53854428.

Vendor References

CVEs related to QID 375881
CVE-2021-23026

Software Advisories
Advisory ID: K53854428
Link: support.f5.com/csp/article/K53854428