F5 BIG-IP and BIG-IQ Configuration Utility Authenticated Remote Code Execution Vulnerability

Vulnerability

An authenticated remote code execution vulnerability exists in the BIG-IP and BIG-IQ Configuration utilities. Through undisclosed vectors, an authenticated attacker with network access to the Configuration utility via the BIG-IP management port or self IP addresses can execute arbitrary system commands, manipulate files, or disrupt services. The vulnerability does not expose the data plane; it affects the control plane only.

Impact

Exploitation of this vulnerability could allow an authenticated attacker to execute arbitrary commands on the system, potentially leading to unauthorized access or manipulation of files and services.

Remediation

Users can upgrade to versions 21.0.0, 17.5.1.4, 17.1.3.1, or 8.4.1 to address this vulnerability. For more information on managing F5 product hotfixes, refer to F5 knowledge articles K13123 (BIG-IP) and K15106 (BIG-IQ).

Added: May 13, 2026, 8:03 PM
Updated: May 13, 2026, 8:03 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 7.5
exploitability: 2.9
remediation: 7.9
relevance: 8.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.