BIG-IP: Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the…
Summary
Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CISA Known Exploited Vulnerability
- Listed:
- Oct 31, 2023 · federal remediation due Nov 21, 2023
- Required action:
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Ransomware use:
- Known
KEV is a prioritization signal from CISA — remediation detail still comes from the vendor advisory.
Mitigation
Mitigation steps weren't captured by the parser for this advisory — this is a parsing gap, not a statement that no fix exists. Read the vendor advisory below for the authoritative guidance.
Official advisory · medium-confidence parse· fetched 1 hour ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.