For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

RKRam's avatar
RKRam
Icon for Nimbostratus rankNimbostratus
Oct 21, 2021

Affected F5 devices from penetration testing | APM

We go below result from penetration test in F5 unit.   Issue: Insufficient Resource Validation. It is observed that we are able to inject "<" and ">" to the id_res parameter. Resolution: It is a...
BIG-IP Access Policy Manager (APM)
security
Anonymous's avatar
Anonymous
Oct 21, 2021

 Potential security issues like this are best handled directly by our official support teams.

I'm told the best thing to do is follow the instructions on this Knowledge Article on Support related to reporting suspected vulnerabilities.

https://support.f5.com/csp/article/K4602 - Reporting Suspected Vulnerabilities

 

F5 welcomes any reports of suspected vulnerabilities or other security concerns with F5 products.

If you are an F5 customer with an active support contract, please contact F5 Support.

If you are not an F5 customer, please send an email to f5sirt@f5.com. An engineer will contact you and will work with you to gather the necessary details to determine an appropriate course of action.

To send an encrypted message to F5, use this F5 Security Incident Response Team (SIRT) public PGP key, which is also available on multiple public key servers.+

 

Let me know if you are able to get the support you need that way.

Thanks for being part of our community!