Vulnerability Recommended Actions
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
To determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer toÂ SOL21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems.
Mitigating this vulnerability
To mitigate this vulnerability, you should consider the following recommendations:
- Permit management access to F5 products only over a secure network, and limit shell access to only trusted users. For more information about securing access to BIG-IP/Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x - 12.x) and SOL13092: Overview of securing access to the BIG-IP system.
- Filter UDP traffic to the potentially impacted services by using an upstream firewall.
- Configure the port lockdown feature to disallow unneeded UDP ports all self IP addresses. For more information, refer to SOL13250: Overview of port lockdown behavior (10.x - 11.x) or SOL17333: Overview of port lockdown behavior (12.x).
- SOL9970: Subscribing to email notifications regarding F5 products
- SOL9957: Creating a custom RSS feed to view new and updated documents
- SOL4918: Overview of the F5 critical issue hotfix policy
- SOL167: Downloading software and firmware from F5
- SOL13123: Managing BIG-IP product hotfixes (11.x - 12.x)