F5 to strengthen its security Posture

Newer technology brings newer opportunities ,at the same time, it brings potential risks and it is true that, the volume of vulnerabilities is directly related to the adoption of new technologies. Multiple vulnerabilities were identified in F5 Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service and remote code execution on the targeted system.

F5 solutions reduce complexity in a hybrid and multi-cloud world so you can deliver secure digital experiences at scale—in the architecture you have now, and for the architecture you aspire to evolve your business into, the company claims.

Whereas, the adoption of new technologies offers many advantages from a business perspective. A recent uncovered on Security and application delivery company, F5 products revels that, F5 products are found with 18 severe vulnerabilities in the late 2022.

The vulnerabilities can allow a remote, unauthenticated attacker to launch denial-of-service (DoS) attacks. In addition, three of the advisories are related to NGINX modules and they describe flaws that can allow a local attacker to cause an NGINX worker process to terminate.

APIs are the cornerstone of modern applications and allow organizations to quickly integrate new capabilities into their digital experiences. Attackers know it can be challenging to identify and protect these application interdependencies, given that there are upwards of 200 million APIs in use. In fact, more than nine out of 10 enterprises have experienced an API security incident.

A ‘high severity’ rating has also been assigned to an F5OS vulnerability that can be exploited for privilege escalation. F5’s next quarterly updates are scheduled for February 1, 2023. The two previous quarterly notifications — released in May and August — informed customers about 50 and 21 vulnerabilities, respectively.

As per the report from Rapid 7 researchers , they have described as high-severity remote code execution vulnerabilities and assigned CVE identifiers, while the rest are security bypass methods that F5 does not view as vulnerabilities.

A report says, F5 launches new security capabilities with AI-powered app and API security capabilities to give customers comprehensive protection and control in managing apps and APIs across on-premises, cloud, and edge locations.

F5 proactively investigates vulnerabilities in specific third-party packages (OpenSSL, Apache, Apache Tomcat, and bind) and investigates vulnerabilities in all other third-party packages (for example, log4j, node.js, and MySQL) upon customer inquiry.