Description Preview
Overview
This vulnerability (CVE-2021-23026) is a cross-site request forgery (CSRF) vulnerability in F5's BIG-IP and BIG-IQ products, specifically affecting the iControl SOAP interface. CSRF vulnerabilities allow attackers to send unauthorized commands from a user that the website trusts. In this case, if an authenticated user with access to the iControl SOAP interface visits a malicious website, the attacker could potentially execute commands with the user's privileges on the F5 system. The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) and could lead to unauthorized configuration changes, service disruption, or information disclosure depending on the privileges of the targeted user.
Remediation
To remediate this vulnerability, F5 recommends upgrading to one of the following fixed versions:
- BIG-IP 16.0.x: Upgrade to 16.0.1.2 or later
- BIG-IP 15.1.x: Upgrade to 15.1.3 or later
- BIG-IP 14.1.x: Upgrade to 14.1.4.2 or later
- BIG-IP 13.1.x: Upgrade to 13.1.4.1 or later
- BIG-IP 12.1.x and 11.6.x: These versions have reached End of Technical Support (EoTS) and should be upgraded to a supported version
- BIG-IQ 8.x, 7.x, and 6.x: Contact F5 support for appropriate update guidance
If immediate patching is not possible, consider implementing additional security controls such as:
- Restricting access to the management interface
- Implementing network segmentation to limit access to the iControl SOAP interface
- Following security best practices for administrative access to F5 devices
References
- F5 Security Advisory: https://support.f5.com/csp/article/K53854428
- MITRE CWE-352 (Cross-Site Request Forgery): https://cwe.mitre.org/data/definitions/352.html
- OWASP CSRF Prevention Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Finance and InsuranceFinance and Insurance
- Health Care & Social AssistanceHealth Care & Social Assistance
- Management of Companies & EnterprisesManagement of Companies & Enterprises
- ManufacturingManufacturing
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services
- Accommodation & Food ServicesAccommodation & Food Services
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting
- Arts, Entertainment & RecreationArts, Entertainment & Recreation
- ConstructionConstruction
- Educational ServicesEducational Services
- InformationInformation
- MiningMining
- Other Services (except Public Administration)Other Services (except Public Administration)
- Public AdministrationPublic Administration
- Real Estate Rental & LeasingReal Estate Rental & Leasing
- Retail TradeRetail Trade
- Transportation & WarehousingTransportation & Warehousing
- UtilitiesUtilities
- Wholesale TradeWholesale Trade
