The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert for organizations about an F5 BIG-IP vulnerability. It affects the F5 BIG-IP Local Traffic Manager (LTM) module, whose use of unencrypted persistent cookies can expose networks to cyber threats. The unencrypted-cookie flaw is especially concerning because F5 BIG-IP is widely deployed in sectors like finance, healthcare, and government. F5 BIG-IP is a highly trusted network security solution, making this vulnerability particularly pressing.
F5 BIG-IP Vulnerability Details
The F5 BIG-IP vulnerability revolves around the LTM module, which manages session continuity using persistent cookies. When these cookies are unencrypted, they provide attackers with detailed insights into a network’s configuration. This vulnerability allows cybercriminals to map out network devices and resources, enabling them to identify additional systems for exploitation.
Visit F5’s Knowledge Center for detailed technical guidance on securing persistent cookies on BIG-IP systems.
The Risk of Unencrypted Cookies
Persistent cookies in F5 BIG-IP are crucial for session continuity but, if unencrypted, act as an entry point for attackers. Unencrypted persistent cookies give cybercriminals potential access to network details, which can lead to reconnaissance and intrusion. To prevent this, F5 advises enabling AES encryption on persistent cookies. With encryption enabled, the cookie value is encrypted with a 192-bit AES cipher and then Base64-encoded, safeguarding it from unauthorized access.
Immediate Steps to Secure F5 BIG-IP Cookies
CISA advises organizations to address this F5 BIG-IP vulnerability by enabling persistent cookie encryption on all F5 BIG-IP devices. Administrators can leverage F5’s iHealth diagnostic tool to identify configurations where encryption is not enabled, helping teams detect and mitigate vulnerabilities quickly.
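A complementary check from the response side, as an added example that is not F5's, CISA's or this article's own tooling: it scans `Set-Cookie` headers from your own applications and reports any BIG-IP persistence cookie that is still readable plaintext, along with the backend address it discloses. It assumes the default cookie name (`BIGipServer<pool_name>`) and the IPv4 plaintext layout described in F5's public cookie-persistence documentation; the header lines are constructed samples.

```python
import ipaddress
import re

# Plaintext IPv4 persistence value: <ip as decimal>.<port as decimal>.0000
PLAINTEXT = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")
# Assumption: the default cookie name, BIGipServer<pool_name>, is in use.
COOKIE = re.compile(r"^Set-Cookie:\s*(BIGipServer[^=;\s]*)=([^;\s]*)", re.I)

# Constructed sample response headers (not captured from a real system).
SAMPLE_HEADERS = [
    "Set-Cookie: BIGipServerapp_pool=1677787402.36895.0000; path=/",
    "Set-Cookie: BIGipServerapi_pool=!Q29uc3RydWN0ZWRTYW1wbGU=; path=/",
    "Set-Cookie: JSESSIONID=constructed-session-id; path=/",
]

def decode_plaintext(value):
    """Return (ip, port) if value is a plaintext IPv4 persistence cookie."""
    m = PLAINTEXT.match(value)
    if not m:
        return None
    ip_num, port_num = int(m.group(1)), int(m.group(2))
    if ip_num > 0xFFFFFFFF or port_num > 0xFFFF:
        return None
    # Both fields are stored byte-reversed relative to network order.
    ip = ipaddress.IPv4Address(ip_num.to_bytes(4, "little"))
    port = int.from_bytes(port_num.to_bytes(2, "little"), "big")
    return str(ip), port

def audit_headers(lines):
    """Flag BIG-IP persistence cookies whose value is readable plaintext."""
    findings = []
    for line in lines:
        m = COOKIE.match(line.strip())
        if not m:
            continue
        name, value = m.groups()
        backend = decode_plaintext(value)
        findings.append({
            "pool": name[len("BIGipServer"):],
            "plaintext": backend is not None,
            "leaks": backend,
        })
    return findings

if __name__ == "__main__":
    for f in audit_headers(SAMPLE_HEADERS):
        status = "PLAINTEXT, enable cookie encryption" if f["plaintext"] else "opaque"
        print(f["pool"], status, f["leaks"] or "")
```

A value reported as opaque only means it does not match the plaintext layout; confirm the encryption setting on the device itself.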
For additional security measures, review the official F5 security advisory to ensure proper configuration and follow CISA’s guidelines to secure F5 BIG-IP deployments against emerging threats.