Share This:

Threat Update

Network provider, F5 Networks, a leading networking provider for businesses everywhere, has announced the discovery of multiple remote code execution vulnerabilities. There are four of these RCE vulnerabilities, which effect most BIG-IP and BIG-IQ software versions. Successful exploitation of these vulnerabilities could lead to systems being compromised. System compromise could lead to data leakage and service outages. SKOUT recommends ensuring that all devices are updated to their latest versions, to allow for security patches to be implemented.

Technical Detail & Additional Information


There are four separate critical Remote Code Execution (RCE) vulnerabilities which affect most BIG-IP and BIG-IQ software versions.

  • iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986: This vulnerability allows for unauthenticated attackers to execute arbitrary system commands through the iControl REST interface, the BIG-IP management interface, and self IP addresses.
  • Appliance mode TMUI authenticated remote command execution vulnerability CVE-2021-22987: This vulnerability allows for authenticated users who have network access, to execute arbitrary system commands through the iControl REST interface, the BIG-IP management interface, and self IP addresses.
  • TMM buffer-overflow vulnerability CVE-2021-22991: This vulnerability could potentially lead to undisclosed requests to a virtual server being incorrectly handled by Traffic Management Microkernel URI normalization, which could trigger a buffer overflow. This could lead to a denial of service (DoS) attack.
  • Advanced WAF/ASM buffer-overflow vulnerability CVE-2021-22992: This vulnerability could potentially allow an attacker to perform a denial of service (DoS) attack, if they have control over back-end web servers, or the ability to manipulate server-side HTTP responses to a virtual server.


F5 Big-IP software and hardware has large scale customers. Microsoft, Facebook, Oracle, Fortune 500 firms, banks, internet service providers (ISPs), and many more rely on F5 technology. F5 themselves claim that “48 of the Fortune 50 rely on F5”. Their product is very widely used and any vulnerabilities they possess can lead to big issues for their customers. In July of 2020, attackers became aware of vulnerabilities with F5 technology and specifically targeted enterprises that did not patch their F5 BIG-IP devices. Attackers are aware when these vulnerabilities exist, so it is very important to ensure that these patches are implemented as soon as they are released.


Each of the four vulnerabilities with F5 Big-IP devices detailed above have similar risk involved if they are exploited. They can lead to potential denial of service attacks, and even complete system compromises. This could enable attackers to execute arbitrary system commands and create or delete files. Many companies rely on sensitive data remaining private and being able to provide continued service to their customers. These vulnerabilities put these expectations at potential risk if they are exploited by attackers.


SKOUT recommends installing all the patches released by F5 that address these vulnerabilities. The affected devices and software versions can be found below.


For more in-depth information about the recommendations, please visit the following links:

If you have any questions, please contact our Security Operations Center.

Share This:
Doris Au

Posted by Doris Au

Doris is a product marketing manager at Barracuda MSP. In this position, she is responsible for connecting managed service providers with multi-layered security and data protection products that can protect their customers from today’s advanced cyber threats.

Leave a reply

Your email address will not be published. Required fields are marked *