<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">

 

Blog

Read or download all Datashield news, reviews, content, and more.

 

All Posts

Security Advisory Vulnerability CVE-2021-22986

Vulnerability CVE-2021-22986Datashield recommends patching any BIG-IP servers due to the recently released series of vulnerabilities, CVE-2021-22986 in particular, a pre-auth RCE in the iControl REST interface. An unauthenticated attacker can compromise the server and obtain access into the network. If your team is unable to patch these servers immediately, we recommend following the mitigation steps outlined in the notice sent out by F5, which is below as well.

Vulnerable Versions

BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO)

Vulnerable Versions
  • 16.0.0 - 16.0.1
  • 15.1.0 - 15.1.2
  • 14.1.0 - 14.1.3
  • 13.1.0 - 13.1.3
  • 12.1.0 - 12.1.5

BIG-IQ Centralized Management

Vulnerable Versions
  • 7.1.0
  • 7.0.0
  • 6.0.0 - 6.1.0

Datashield is actively watching the exploit and will be creating alerts to detect exploit attempts. There are no known POC’s or actors utilizing this exploit.

If you have any questions regarding this vulnerability, please contact us.

Read more blogs from Datashield

Topics from this Article

News, CVE, Threat Intelligence, Threat Analysis

Datashield
Datashield
Official Datashield account for blog content, news, announcements and more. The articles authored include a collaboration between internal staff, specifically the security operations and marketing team.

Related Posts

Lumifi Cyber Acquires Datashield to Deliver Next-Generation Managed Detection and Response

Combines AI and Machine Learning-Based Software with MDR Services to Provide Fortune 500-Grade Security to Companies of All Sizes Palm Desert, CA and Scottsdale, AZ — May 3, 2022 — Lumifi Cyber, Inc., a next-generation managed detection and response (MDR) cybersecurity software provider, today announced its acquisition of Datashield, Inc., an end-to-end cybersecurity resilience services provider, to deliver Fortune 500-grade security to companies of all sizes for an affordable monthly price.

Datashield Becomes Member of Microsoft Intelligent Security Association (MISA)

Datashield Becomes Member of Microsoft Intelligent Security Association (MISA)

The Difference Between Cybersecurity & Network Security

The Difference Between Cybersecurity & Network Security