
High-Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices

by crpt os


Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, could be used to completely compromise affected systems.

Cybersecurity firm Rapid7 said the flaws could be abused to gain remote access to the devices and defeat security constraints. The issues impact BIG-IP versions 13.x, 14.x, 15.x, 16.x, and 17.x, and BIG-IQ Centralized Management versions 7.x and 8.x.

The two high-severity issues, which were reported to F5 on August 18, 2022, are as follows –

  • CVE-2022-41622 (CVSS score: 8.8) – A cross-site request forgery (CSRF) vulnerability through iControl SOAP, leading to unauthenticated remote code execution.
  • CVE-2022-41800 (CVSS score: 8.7) – An iControl REST vulnerability that could allow an authenticated user with an Administrator role to bypass Appliance mode restrictions.

“By successfully exploiting the worst of the vulnerabilities (CVE-2022-41622), an attacker could gain persistent root access to the device’s management interface (even if the management interface is not internet-facing),” Rapid7 researcher Ron Bowes said.

However, it’s worth noting that such an exploit requires an administrator with an active session to visit a hostile website.

Also identified were three different instances of security bypass, which F5 said cannot be exploited without first breaking existing security barriers through a previously undocumented mechanism.

Should such a scenario arise, an adversary with Advanced Shell (bash) access to the appliance could weaponize these weaknesses to execute arbitrary system commands, create or delete files, or disable services.

While F5 has made no mention of any of the vulnerabilities being exploited in attacks, it’s recommended that users apply the necessary patches as and when they become available to mitigate potential risks.




