Minimize Threat Footprint by Automating F5 BIG-IP Upgrade With AppViewX ADC+

Recent Vulnerabilities in F5

On March 19th, 2021, F5 announced twenty-one (21) CVEs affecting its BIG-IP and BIG-IQ modules, four of them critical. Of the four critical vulnerabilities, two were on the control plane, in iControl and the Traffic Management User Interface (TMUI), allowing unauthenticated users with network access to execute arbitrary system commands, create or delete files, and disable services. The remaining two vulnerabilities were on the data plane, affecting virtual servers and increasing the risk of Denial-of-Service (DoS) attacks.

F5’s Response

F5 quickly released versions with fixes to all 21 vulnerabilities and urged affected users to upgrade their modules to the fixed versions.

Caveats in the Upgrade Process

The vulnerabilities disclosed by F5 affect almost all BIG-IP and BIG-IQ versions. Enterprises need to track which version of the modules they’re running and manually upgrade each of them to the appropriate fixed version. Manual upgrades are time-consuming, and the longer the network is exposed to the vulnerabilities, the greater the risk of an attack. Manual upgrades are also prone to errors and compliance lapses, further increasing the risk.

How Can AppViewX ADC+ Help with the Upgrade?

Identifying device types and versions

IT administrators can use AppViewX ADC+ to scan the network and create an inventory of all F5 devices and modules. ADC+ generates reports that classify modules based on the device type, versions, and the applications they support. With this, administrators can easily identify vulnerable versions and gauge the risk.

Automated Upgrade and Backups

Once the installation files are loaded into ADC+, it pushes them to the appropriate module based on rules that administrators enter through a form. Before initiating the actual upgrade, ADC+ checks the existing state of the device and takes a backup of the last-known-good configuration. Once the device state is validated, ADC+ pushes the installation file onto it and reboots the device.

Post-Validation Checks

Once the device is back online, ADC+ runs post-validation checks to ensure that the upgrade was successful and hasn’t affected the device’s active connections. If the device fails the post-validation check or the installation goes awry, ADC+ restores the device to its last-known-good configuration from the backup.

Advantages of using AppViewX ADC+ to Upgrade F5 Devices

  • ADC+ supports automated bulk upgrades based on predefined rules, dramatically reducing upgrade times and the attack window.
  • It enables F5 devices to come online quickly, ensuring business continuity.
  • Automation, coupled with pre- and post-validation checks, eliminates errors and guarantees compliance.
  • IT administrators can initiate and track the upgrade process from the ITSM tool of their choice.
  • ADC+ sends periodic alerts to IT administrators, updating them on the status of the upgrade.
  • It also makes auditing easy by creating a log of the upgrades.

If you’d like to know more about AppViewX ADC+, talk to our product experts and ask them for a demo.

About the Author

Devanshu Dawn

Product Marketing Manager

A product enthusiast who strategizes and communicates a product's value to prospects and customers through narratives based on solid research, simplifying their purchase decisions.
