This iApp shows you at a glance the vulnerability status of your BIG-IP against the March 2021 CVEs. This is based on the software version mainly and the modules provisioned, appliance mode etc, it does not look at your configuration in detail so it is only to be used as a guide. For instance, it does not check whether you are actually using APM, or SNAT, or HTTP/2.
There are two reports - the at-a-glance report on the Critical CVEs, and a more detailed HTML report created in the /var/tmp directory of the device which shows all of the BIG-IP CVEs and performs more detailed checks.
How to use this snippet:
Download the file and extract to a local directory
Install the template as normal:
login to the BIG-IP TMUI and go to iApps>Templates>Templates.
Click on Import ( on the right hand side)
Select the cve-checker-2021.tmpl file and hit Upload
To see the report, create an app using this template
Go to iApps>Application Services>Applications
Click on Create ( on the right hand side )
From Template, select cve-checker-2021
View summary report in this window
Add a name for the application and Hit Finished
Retrieve report from /var/tmp
To refresh the report, go to Reconfigure and hit Finished again
If you find any bugs or issues with this then feel free to PM me here
This code has been developed and tested in a lab so you use it at your own risk. If you have used it and found it to be accurate, or have suggestions for further development then please PM me