Guidance for F5 BIG-IP Vulnerability Fact Sheet

Revision Date

On June 30, 2020, F5 Networks, Inc. (F5) disclosed a remote code execution (RCE) vulnerability in the BIG-IP Traffic Management User Interface (TMUI) that allows for file system manipulation and arbitrary code execution. The Cybersecurity and Infrastructure Security Agency (CISA) advises all BIG-IP users to update their devices to the F5 fixed software version as soon as possible. However, users and administrators whose BIG-IP TMUI was exposed to the internet should assume they were compromised and take immediate action to reconstitute affected systems.  

Business and government executive and IT leaders should be aware if this critical vulnerability exists on their networks and assess their plan to address this specific, significant risk.