BIG-IP: Proof-of-concept released for RCE vulnerability in F5 network management tool – The Daily Swig
Users should patch immediately
A proof-of-concept (PoC) has been developed for a critical vulnerability in F5’s BIG-IP networking software, a flaw that could expose thousands of users to remote takeover.
The vulnerability, tracked as CVE-2022-1388, could allow an attacker to make undisclosed requests to bypass iControl REST authentication.
If exploited, an unauthenticated user could gain remote code execution (RCE) on an affected device.
Thousands vulnerable
Disclosed last week, the bug affects multiple versions of the network management software, which is said to be used by more than 35,000 companies.
“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services,” a security advisory warns.
“There is no data plane exposure; this is a control plane issue only.”
PoCs are now being released for the vulnerability, as threat…
Read Full Story: https://portswigger.net/daily-swig/big-ip-proof-of-concept-released-for-rce-vulnerability-in-f5-network-management-tool
source: https://news.oneseocompany.com/2022/05/09/big-ip-proof-of-concept-released-for-rce-vulnerability-in-f5-network-management-tool-the-daily-swig_2022050919453.html