Security Advisory From F5 Calls for Urgent Patching for BIG-IP Admins

Last updated September 23, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

F5 has discovered four critical and two high and one medium-severity flaw affecting its BIG-IP and BIG-IQ products. Because of the wide scope of the problems and also the extensive affection, the company has released a detailed security advisory so important that even CISA has caught it and published its own notice to point admins there.

The seven vulnerabilities found and patched are the following:

The above flaws are addressed in BIG-IP versions 16.0.1.1, 15.1.2.1, 14.1.4, 13.1.3.6, 12.1.5.3, and 11.6.5.3, while for BIG-IQ, which is only affected by CVE-2021-22986, the fixes come through 8.0.0, 7.1.0.3, and 7.0.0.2.

Everyone is advised to apply the patches immediately, as they all have serious potential for malicious exploitation. Unfortunately, there are no mitigations to use by those who can’t patch for the time being.

Source: F5

Google project zero researchers have a PoC for CVE-2021-22991 and also for CVE-2021-22992, which were now published as the vendor has fixed them. This obviously makes the patching even more imminent for system administrators, so go ahead and do it right now.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: