漏洞分享 - F5 產品存在多個漏洞
F5 產品存在多個漏洞
一、摘要
F5 產品存在多個漏洞,允許攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況、敏感資料洩露及繞過身份驗證。
二、存在風險
F5 產品存在多個漏洞,允許攻擊者利用此漏洞,於目標系統觸發遠端執行任意程式碼、阻斷服務狀況、敏感資料洩露及繞過身份驗證,其影響系統或版本如下:
- 受影響之系統/漏洞描述:
- BIG-IP (all modules)
- 15.1.0 - 15.1.10
- 16.1.0 - 16.1.5
- 17.1.0 - 17.1.2
- BIG-IP (PEM)
- 15.1.0 - 15.1.10
- 16.1.0 - 16.1.4
- 17.1.0 - 17.1.1
- BIG-IP (ASM)
- 15.1.0 - 15.1.10
- 16.1.0 - 16.1.4
- 17.1.0 - 17.1.1
- BIG-IP (AFM)
- 15.1.0 - 15.1.10
- 16.1.0 - 16.1.5
- 17.1.0 - 17.1.1
- BIG-IP (APM)
- 15.1.0 - 15.1.10
- 16.1.0 - 16.1.4
- 17.1.0 - 17.1.1
- BIG-IP Next SPK
- 1.7.0 - 1.7.6
- 1.8.0 - 1.8.2
- 1.9.0
- BIG-IP Next Central Manager
- 20.2.0 - 20.2.1
- BIG-IP Next CNF
- 1.1.0 - 1.3.3
- NGINX Plus
- R28 - R33
- NGINX Open Source
- 1.11.4 - 1.27.3
三、建議改善措施:
企業及使用者如有上述漏洞版本應儘速更新或實施原廠提供之修補方案。
情資報告連結:
- https://my.f5.com/manage/s/article/K000134888
- https://my.f5.com/manage/s/article/K000138757
- https://my.f5.com/manage/s/article/K000138932
- https://my.f5.com/manage/s/article/K000139656
- https://my.f5.com/manage/s/article/K000139778
- https://my.f5.com/manage/s/article/K000139780
- https://my.f5.com/manage/s/article/K000140578
- https://my.f5.com/manage/s/article/K000140920
- https://my.f5.com/manage/s/article/K000140933
- https://my.f5.com/manage/s/article/K000140947
- https://my.f5.com/manage/s/article/K000140950
- https://my.f5.com/manage/s/article/K000141003
- https://my.f5.com/manage/s/article/K000141380
- https://my.f5.com/manage/s/article/K000148412
- https://my.f5.com/manage/s/article/K000148587
- https://my.f5.com/manage/s/article/K000149173
- https://my.f5.com/manage/s/article/K000149185
- https://my.f5.com/manage/s/article/K000149540