Cross-Site Request Forgery Vulnerability in F5 BIG-IP and BIG-IQ Products
CVE-2021-23026
8.8 HIGH
Summary
F5 BIG-IP and BIG-IQ products are susceptible to cross-site request forgery (CSRF) attacks via the iControl SOAP interface. This vulnerability can allow attackers to perform unauthorized actions on behalf of an authenticated user, potentially leading to significant security risks. Users of affected versions should prioritize applying patches to mitigate this risk and ensure the integrity of their systems.
Affected Version(s)
BIG-IP & BIG-IQ: BIG-IP 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x and 11.6.x
BIG-IP & BIG-IQ: all versions of BIG-IQ 8.x, 7.x, and 6.x
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved