The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
f5 warns of a new critical big ip remote code execution

F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability

May 5, 2022

Cloud security and application delivery network (ADN) provider F5 on Wednesday released patches to address 43 bugs spanning its products.

Of the 43 issues addressed, one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated Low in severity.

Chief among the flaws is CVE-2022-1388, which carries a CVSS score of 9.8 out of a maximum of 10 and stems from a missing authentication check, potentially allowing an attacker to take control of an affected system.

“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services,” F5 said in an advisory. “There is no data plane exposure; this is a control plane issue only.”

The security vulnerability, which the company said was discovered internally, affects BIG-IP products with the following versions –

  • 16.1.0 – 16.1.2
  • 15.1.0 – 15.1.5
  • 14.1.0 – 14.1.4
  • 13.1.0 – 13.1.4
  • 12.1.0 – 12.1.6
  • 11.6.1 – 11.6.5

Patches for the iControl REST authentication bypass flaw have been released in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5. Other F5 products such as BIG-IQ Centralized Management, F5OS-A, F5OS-C, and Traffix SDC are not vulnerable to CVE-2022-1388.
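Matching a fleet of BIG-IP versions against the ranges above is fiddly because the affected ranges are given with three version components while the fixed releases carry a fourth (16.1.2.1 is still inside 16.1.0 – 16.1.2, but 16.1.2.2 is fixed), and the article lists no fixed release at all for the 12.1.x and 11.6.x branches. The following is an added example, not code from F5 or from the article: it encodes the ranges exactly as listed above and classifies a version string as vulnerable, patched, or unlisted. The inventory is constructed, and the table should be confirmed against F5's own advisory before being relied on.

```python
"""Classify a BIG-IP version string against the CVE-2022-1388 ranges listed
in the article (table constructed from the article's own lists; confirm it
against F5's advisory before relying on it)."""
from typing import Optional, Tuple

Version = Tuple[int, ...]

# (first affected, last affected, first fixed) per branch, as the article lists them.
# Ranges compare on the first three components; fixed releases may carry a
# fourth, so 16.1.2.1 is still inside the 16.1.0 - 16.1.2 range.
# None: no fixed release is listed for that branch in the article.
AFFECTED_RANGES = [
    ((16, 1, 0), (16, 1, 2), (16, 1, 2, 2)),
    ((15, 1, 0), (15, 1, 5), (15, 1, 5, 1)),
    ((14, 1, 0), (14, 1, 4), (14, 1, 4, 6)),
    ((13, 1, 0), (13, 1, 4), (13, 1, 5)),
    ((12, 1, 0), (12, 1, 6), None),
    ((11, 6, 1), (11, 6, 5), None),
]


def parse_version(text: str) -> Version:
    """Turn '16.1.2.2' into (16, 1, 2, 2); reject anything non-numeric."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def cve_2022_1388_status(text: str) -> str:
    """Return 'vulnerable', 'patched' or 'unlisted' for a BIG-IP version.

    'unlisted' covers branches the article does not name (e.g. 17.x) and
    point releases outside a listed range; treat it as 'check the vendor'.
    """
    version = parse_version(text)
    branch = (version + (0, 0, 0))[:2]
    first_three = (version + (0, 0, 0))[:3]
    for first, last, fixed in AFFECTED_RANGES:
        if first[:2] != branch:
            continue
        # Python compares tuples lexicographically, so (16, 1, 2) < (16, 1, 2, 2):
        # a fixed release with a fourth component sorts above the affected range.
        if fixed is not None and version >= fixed:
            return "patched"
        if first <= first_three <= last:
            return "vulnerable"
        return "unlisted"
    return "unlisted"


def triage(inventory: dict) -> dict:
    """Map each host in an inventory {host: version} to its status."""
    return {host: cve_2022_1388_status(v) for host, v in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "lb-edge-01": "16.1.2",
        "lb-edge-02": "16.1.2.2",
        "lb-legacy": "11.6.5",
        "lb-new": "17.0.0",
    }
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Anything reported as `unlisted` (a 17.x release, or a 11.6.0 that predates the listed range) is deliberately not called safe: the table only knows what the article states, so those hosts go back to the vendor advisory for a decision.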

F5 has also provided temporary workarounds until the fixes can be applied –

  • Block iControl REST access through the self IP address
  • Block iControl REST access through the management interface
  • Modify the BIG-IP httpd configuration

Other notable bugs resolved as part of the update include those that could allow an authenticated attacker to bypass Appliance mode restrictions and execute arbitrary JavaScript code in the context of the currently logged-in user.

With F5 appliances widely deployed in enterprise networks, it’s critical that organizations move quickly to apply the patches to prevent threat actors from exploiting the attack vector for initial access.

The security fixes arrive as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added five new flaws to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation –

  • CVE-2021-1789 – Apple Multiple Products Type Confusion Vulnerability
  • CVE-2019-8506 – Apple Multiple Products Type Confusion Vulnerability
  • CVE-2014-4113 – Microsoft Win32k Privilege Escalation Vulnerability
  • CVE-2014-0322 – Microsoft Internet Explorer Use-After-Free Vulnerability
  • CVE-2014-0160 – OpenSSL Information Disclosure Vulnerability

Some parts of this article are sourced from:
thehackernews.com