PUBLICATION

Guidance for F5 BIG-IP Vulnerability Fact Sheet

Revision Date

December 17, 2020

Related topics:

Cybersecurity Best Practices, Critical Infrastructure Security and Resilience

On June 30, 2020, F5 Networks, Inc. (F5) disclosed a remote code execution (RCE) vulnerability in the BIG-IP Traffic Management User Interface (TMUI) that allows for file system manipulation and arbitrary code execution. The Cybersecurity and Infrastructure Security Agency (CISA) advises all BIG-IP users to update their devices to the F5 fixed software version as soon as possible. However, users and administrators whose BIG-IP TMUI was exposed to the internet should assume they were compromised and take immediate action to reconstitute affected systems.

Business and government executive and IT leaders should be aware if this critical vulnerability exists on their networks and assess their plan to address this specific, significant risk.

Guidance for F5 BIG-IP Vulnerability Fact Sheet

Resource Materials

Tags

CDM Data Model Document 4.1.1

Understanding and Responding to Distributed Denial-Of-Service Attacks

PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders

Repository for Software Attestations and Artifacts (RSAA) User Guide

Guidance for F5 BIG-IP Vulnerability Fact Sheet

Resource Materials

Tags

Related Resources

CDM Data Model Document 4.1.1

Understanding and Responding to Distributed Denial-Of-Service Attacks

PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders

Repository for Software Attestations and Artifacts (RSAA) User Guide