• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
high severity vulnerabilities reported in f5 big ip and big iq devices

High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices

You are here: Home / General Cyber Security News / High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices
November 17, 2022

Various security vulnerabilities have been disclosed in F5 Large-IP and Big-IQ devices that, if successfully exploited, to completely compromise affected techniques.

Cybersecurity organization Immediate7 explained the flaws could be abused to distant accessibility to the equipment and defeat security constraints.

The two superior-severity issues, which have been reported to F5 on August 18, 2022, are as follows –

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


  • CVE-2022-41622 (CVSS score: 8.8) – A cross-web site ask for forgery (CSRF) vulnerability as a result of iControl Cleaning soap, major to unauthenticated remote code execution.
  • CVE-2022-41800 (CVSS rating: 8.7) – An iControl Relaxation vulnerability that could enable an authenticated user with an Administrator function to bypass Equipment mode constraints.

“By successfully exploiting the worst of the vulnerabilities (CVE-2022-41622), an attacker could gain persistent root obtain to the device’s administration interface (even if the administration interface is not internet-experiencing),” Quick7 researcher Ron Bowes explained.

Even so, it can be truly worth noting that such an exploit demands an administrator with an lively session to check out a hostile web-site.

Also determined were three distinct cases of security bypass, which F5 claimed cannot be exploited with out first breaking existing security limitations as a result of a formerly undocumented system.

Should such a situation crop up, an adversary with Highly developed Shell (bash) entry to the equipment could weaponize these weaknesses to execute arbitrary method instructions, make or delete documents, or disable services.

Though F5 has made no point out of any of the vulnerabilities being exploited in attacks, it’s advisable that customers implement the needed patches to mitigate likely threats.

Observed this report appealing? Comply with THN on Facebook, Twitter  and LinkedIn to go through a lot more special written content we write-up.


Some areas of this short article are sourced from:
thehackernews.com

Previous Post: «iranian hackers compromised a u.s. federal agency's network using log4shell Iranian Hackers Compromised a U.S. Federal Agency’s Network Using Log4Shell Exploit
Next Post: Embrace A Paradigm Shift In SaaS Protection: SaaS Security Posture Management www.adaptive-shield.com Ravie Lakshmanan Forrester interviews customers across different organizations who have implemented a SaaS security solution. Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar
  • Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
  • Post-Quantum Cryptography: Finally Real in Consumer Apps?
  • Microsoft’s AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
  • Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
  • Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
  • GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
  • China’s BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
  • The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
  • China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Copyright © TheCyberSecurity.News, All Rights Reserved.