to determine if the software version is still in active support. End of support is defined by a drop of more than 90 days from the last release with new fix packs. This issue does not affect the following software versions: 11.5.x, 11.4.x, 11.3.x, 11.2.x, 11.1.x, 11.0.x, 10.1.x, 10.0.x, 9.1.x, and 9.0.x. This issue has been resolved in this release. For information on how to upgrade, see Upgrade BIG-IP systems.
An authenticated user with Administrator role privilege on all versions of F5 BIG-IP, including the following versions prior to 9.0, when running in Appliance mode, may be able to bypass appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration.
An authenticated attacker with Administrator role privilege on all versions of F5 BIG-IP, including the following versions prior to 9.0, when running in Appliance mode, may be able to bypass appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration.
When running in Appliance mode, an authenticated user with Administrator role privilege may be able to bypass appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration.
Note: Software versions which have reached End of Technical Support (EoTS) are not

Platform Issues

Platform issues for this release include the following CVEs.
CVE-2019-3955: An authenticated user with Administrator role privilege on all versions of F5 BIG-IP, including the following versions prior to 9.0, when running in Appliance mode, may be able to bypass appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration.
CVE-2019-3956: When running in Appliance mode, an authenticated user with Administrator role privilege may be able to bypass appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration.
This issue has been resolved in this release. For information on how to upgrade, see Upgrade BIG-IP systems.

Description

On all versions of BIG-IP with F5 Guided Configuration enabled, there is a missing integrity check which allows an authenticated user with Administrator role privilege to bypass appliance mode restrictions when running in Appliance mode. For example, you may have a BIG-IP system configured as a firewall and want to disable the firewall for your web server, but cannot due to appliance mode restrictions.
End of support for software versions ending in "K", "L", "M" and "N" is defined by a drop of more than 90 days from the last release with new fix packs. This issue does not affect the following software versions: 11.5.x, 11.4.x, 11.3.x, 11.2.x, 11.1.x, 11.0.x, 10.1.x, 10.0.x and 9.0.-9.#.#.#

Timeline

Published on: 05/05/2022 17:15:00 UTC
Last modified on: 05/16/2022 12:49:00 UTC

References