The Cyber Security News

F5 Warns of Critical Bug Allowing Remote Code Execution in BIG-IP Systems

May 5, 2022

The vulnerability is ‘critical’ with a CVSS severity rating of 9.8 out of 10.

Application services company F5 is warning that a critical vulnerability allows unauthenticated hackers with network access to execute arbitrary commands on its BIG-IP systems.


The F5 BIG-IP is a combination of software and hardware that is designed around access control, application availability and security solutions.

The vulnerability is tracked as CVE-2022-1388 with a severity rating of 9.8 out of 10 by the Common Vulnerability Scoring System (CVSS) version 3.90.

According to F5, the flaw resides in the representational state transfer (REST) interface for the iControl framework, which is used to communicate between F5 devices and users.

Threat actors can send undisclosed requests and leverage the flaw to bypass iControl REST authentication and access F5 BIG-IP systems; an attacker can then execute arbitrary commands, create or delete files, or disable servers.

“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services,” said F5 in an advisory. “There is no data plane exposure; this is a control plane issue only,” they added.

A self IP address is an IP address on a BIG-IP system that a customer uses to associate with a VLAN.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert and advised users to apply the necessary updates.

Impacted Versions

The BIG-IP product versions affected by the security vulnerability are:

  • 1. to 16.1.2
  • 1. to 15.1.5
  • 1. to 14.1.4
  • 1. to 13.1.4
  • 1. to 12.1.6
  • 11.6.1 to 11.6.5

F5 will not introduce fixes for versions 11.x (11.6.1 – 11.6.5) and 12.x (12.1. – 12.1.6).

F5 has released the patches for versions v17.., v16.1.2.2, v15.1.5.1, v14.1.4.6, and v13.1.5.

The advisory by F5 clarifies that CVE-2022-1388 has no effect on other F5 products: BIG-IQ Centralized Management, F5OS-A, F5OS-C, or Traffix SDC.
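The fixed releases listed above can be turned into a quick inventory triage. The following is an added example, not code from F5 or from the original article; the host names and status labels are constructed for illustration, and branches whose fixed release is not fully stated in the text are reported as needing a manual check against the F5 advisory.

```python
import re

# Fixed releases per branch, as stated in the article text above.
FIXED = {16: (16, 1, 2, 2), 15: (15, 1, 5, 1), 14: (14, 1, 4, 6), 13: (13, 1, 5)}
# Branches for which the article says F5 will not introduce fixes.
NO_FIX_BRANCHES = {11, 12}


def parse_version(text):
    """Turn 'v15.1.5.1' or 'BIG-IP 15.1.5' into a tuple of ints."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no dotted version number in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def _pad(v, n=4):
    # 13.1.5 and 13.1.5.0 must compare equal, so pad with zeros.
    return tuple(v) + (0,) * (n - len(v))


def triage(version_text):
    """Classify one version string (status labels are hypothetical)."""
    v = parse_version(version_text)
    major = v[0]
    if major in NO_FIX_BRANCHES:
        return "no-fix-planned"        # move to a fixed branch or apply mitigations
    if major not in FIXED:
        return "check-advisory"        # fixed release not available from the text
    if _pad(v) >= _pad(FIXED[major]):
        return "at-or-above-fixed"
    return "below-fixed-release"


def triage_inventory(inventory):
    """Map each host in {host: version_string} to its triage status."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (host names are placeholders).
SAMPLE = {
    "lb-edge-01": "BIG-IP 16.1.2.1",
    "lb-edge-02": "v15.1.5.1",
    "lb-core-01": "13.1.5",
    "lb-legacy-01": "12.1.6",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```

A "below-fixed-release" result only means the device is older than the fixed release for its branch; whether it falls in the affected range still has to be confirmed against the F5 advisory.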

F5 affected products and fixed versions (Source: F5)

BIG-IP products are widely integrated into enterprises, so there is a significant risk of widespread attack.

Security researcher Nate Warfield reported in a tweet that nearly 16,000 BIG-IP devices are exposed to the internet. A query shared by Warfield shows the exposed devices on Shodan.

Most of the exposed BIG-IP devices are located in the USA, China, India, and Australia. These systems are allocated to Microsoft Corporation, Google LLC, DigitalOcean, and Linode.

Mitigations

F5 has recommended three “temporary mitigation” methods for those who cannot deploy security patches immediately.

According to F5, “You can block all access to the iControl REST interface of your BIG-IP system through self IP addresses”. This can be done by changing the Port Lockdown setting to Allow None for each self IP address in the system.

Another mitigation method is to restrict iControl REST access through the management interface or modify the BIG-IP httpd configuration.

Additionally, F5 has also released a more general advisory to address another set of 17 high severity vulnerabilities discovered and fixed in BIG-IP.

In July 2020, a critical RCE bug left thousands of F5 BIG-IP users’ accounts vulnerable to an attacker.

 


Some parts of this article are sourced from:
threatpost.com
