CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices

Source: All CISA Advisories | Added:

CISA has issued Emergency Directive ED 26-01 to federal agencies to address vulnerabilities in F5 BIG-IP devices following a compromise by a nation-state affiliated cyber threat actor. The directive requires agencies to inventory their F5 products, assess exposure to the public internet, and apply necessary updates to mitigate risks.

---

Impact: F5 BIG-IP products, F5OS, BIG-IP TMOS, Virtual Edition, BIG-IP Next, BIG-IP IQ software, BNK / CNF

In the Wild: Yes

Age: Newly disclosed

Remediation: Inventory F5 devices, harden public-facing appliances, apply updates by specified deadlines, disconnect end-of-support devices, mitigate against cookie leakage, and report to CISA.

Read Full Original Article →