This alert is being provided for informational purposes and for potential use to protect systems, networks, and data against this cyber threat at the sole discretion of recipients. As the cyber threat landscape is ever-evolving and attribution can be difficult, the NTIC Cyber Center makes no guarantees of the accuracy of this information during and after the dissemination of this alert as indicators of compromise (IoCs) and adversary tactics, techniques, and procedures (TTPs) may change. Recipients are urged to use caution before implementing any changes to systems, software, and procedures.
BIG-IP versions that are vulnerable to attacks (11.6.x, 12.1.x, 13.1.x, 14.1.x, 15.0.x, 15.1.x) should be upgraded to a corresponding patched version (184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199).
Cloud marketplace users are advised to switch to BIG-IP Virtual Edition versions 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, or 126.96.36.199, if available.
The NTIC Cyber Center recommends all affected F5 BIG-IP administrators review the following F5 Security Advisories here and here, and patch all affected systems as soon as possible. Additionally, F5 provides mitigation measures for customers unable to immediately patch systems.