F5 zero-day vulnerabilities being targeted by several threat actors

THREAT LEVEL: RED

Seven zero-day vulnerabilities have been discovered in the F5 products BIG-IP, BIG-IQ and BIG-IP Advanced WAF/ASM. According to the F5 group and Cyber Center, exploits for these vulnerabilities are currently unavailable. However, the Hive Pro Threat Research team has observed several threat activities and communications around these vulnerabilities, so users are advised to upgrade their product versions.

Vulnerability Details

  • iControl REST unauthenticated remote command execution vulnerability: CVE-2021-22986
  • Appliance Mode TMUI authenticated remote command execution vulnerability: CVE-2021-22987
  • TMUI authenticated remote command execution vulnerability: CVE-2021-22988
  • Appliance mode Advanced WAF/ASM TMUI authenticated remote command execution vulnerability: CVE-2021-22989
  • Advanced WAF/ASM TMUI authenticated remote command execution vulnerability: CVE-2021-22990
  • TMM buffer-overflow vulnerability: CVE-2021-22991
  • Advanced WAF/ASM buffer-overflow vulnerability: CVE-2021-22992

Affected Product: BIG-IP, BIG-IQ, BIG-IP Advanced WAF/ASM

Affected Versions:

 BIG-IP: 16.0.0 - 16.0.1
 BIG-IP: 15.1.0 - 15.1.2
 BIG-IP: 14.1.0 - 14.1.3.1
 BIG-IP: 13.1.0 - 13.1.3.5
 BIG-IP: 12.1.0 - 12.1.5.2
 BIG-IP: 11.6.1 - 11.6.5.2
 BIG-IQ: 7.1.0 - 7.1.0.2
 BIG-IQ: 7.0.0 - 7.0.0.1
 BIG-IQ: 6.0.0 - 6.1.0
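
An added example, not part of the original advisory: a small inventory check that flags hosts whose product version falls inside the affected ranges listed above. The `host,product,version` inventory format, the hostnames and the function names are assumptions made for this example; only the BIG-IP and BIG-IQ ranges given on this page are encoded.

```python
import re

# Affected ranges exactly as listed in this advisory (bounds are inclusive).
AFFECTED = {
    "BIG-IP": [("16.0.0", "16.0.1"), ("15.1.0", "15.1.2"), ("14.1.0", "14.1.3.1"),
               ("13.1.0", "13.1.3.5"), ("12.1.0", "12.1.5.2"), ("11.6.1", "11.6.5.2")],
    "BIG-IQ": [("7.1.0", "7.1.0.2"), ("7.0.0", "7.0.0.1"), ("6.0.0", "6.1.0")],
}

def parse_version(text):
    """Turn '14.1.2-0.0.37' into a comparable tuple of integers.
    Trailing zeros are dropped so 16.0.1 and 16.0.1.0 compare equal."""
    parts = [int(n) for n in re.findall(r"\d+", text)]
    if not parts:
        raise ValueError(f"no version digits in {text!r}")
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def normalize_product(name):
    """Map spellings such as 'BIG IQ' or 'big-ip' onto the advisory's names."""
    key = re.sub(r"[^A-Z]", "", name.upper())
    return {"BIGIP": "BIG-IP", "BIGIQ": "BIG-IQ"}.get(key)

def is_affected(product, version):
    """True if product/version falls inside one of the advisory's ranges."""
    ranges = AFFECTED.get(normalize_product(product), [])
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi) for lo, hi in ranges)

def triage(inventory_csv):
    """Return hostnames from 'host,product,version' lines that are in range."""
    flagged = []
    for line in inventory_csv.strip().splitlines():
        host, product, version = (f.strip() for f in line.split(","))
        if is_affected(product, version):
            flagged.append(host)
    return flagged

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """
lb-edge-01, BIG-IP, 14.1.2.8
lb-edge-02, BIG-IP, 16.0.1.1
lb-dmz-01,  big-ip, 13.1.3.5
mgmt-01,    BIG IQ, 7.1.0.3
mgmt-02,    BIG-IQ, 6.1.0.0
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A version outside these ranges only means it is not listed on this page; confirm the fixed release for each branch against the F5 articles under Reference Advisories.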

Affected CPE:


Threat Actors

Name: Pioneer Kitten
Known as: PARISITE, UNC757, Fox Kitten
Origin: Iran
Targeted Industry: Academic, Aviation, Chemicals, Consulting & Professional Services, Defense, Financial Services, Government, Healthcare, Industrials and Engineering, Insurance, Manufacturing, Media, Opportunistic, Retail, Technology
Targeted Location: Israel, Middle East North Africa (MENA), North America, United States

Name: Energetic Bear
Known as: Havex, Dragonfly, Crouching Yeti
Origin: Russian Federation
Targeted Industry: Academic, Aerospace, Energy, Financial Services, Government, Healthcare, Industrials and Engineering, Technology
Targeted Location: Azerbaijan, Belgium, China, Croatia, Czech Republic, France, Germany, Greece, Israel, Italy, Poland, Romania, Russian Federation, Serbia, Spain, Taiwan, United Kingdom, United States

Name: Anonymous Group
Targeted Location: Myanmar/Burma, United States, Russia, Uganda, United Kingdom, Malaysia, Ukraine, China, Senegal, Syria, Israel, Hong Kong, Colombia, Gabon, Switzerland, Brazil, Spain, North Korea, Taiwan, Greece, Iran, Turkey, Mexico

Reference Advisories

 https://support.f5.com/csp/article/K02566623
 https://support.f5.com/csp/article/K03009991
 https://support.f5.com/csp/article/K18132488
 https://support.f5.com/csp/article/K70031188
 https://support.f5.com/csp/article/K56142644
 https://support.f5.com/csp/article/K45056101
 https://support.f5.com/csp/article/K56715231
 https://support.f5.com/csp/article/K52510511