A new bypass vulnerability has been disclosed in the Kerberos Key Distribution Center (KDC) security feature. The vulnerability affects F5 Big-IP application delivery services. F5 Networks has released patches to address the weakness (CVE-2021-23008, CVSS score 8.1), with fixes introduced in BIG-IP APM versions. A similar patch for version 16.x is expected at a future date. The company recommends configuring multi-factor authentication (MFA) or deploying an IPSec tunnel.
Source: https://thehackernews.com/2021/04/f5-big-ip-found-vulnerable-to-kerberos.html