F5 BIG-IP Central Manager is vulnerable to two remotely exploitable security flaws, CVE-2024-21793 & CVE-2024-26026. Successful exploitation of the vulnerabilities may allow attackers to gain complete administrative control of the device and subsequently create accounts on any F5 assets managed by the Next Central Manager.
Tag: F5 BIG-IP
F5 BIG-IP Unauthenticated Remote Code Execution Vulnerability (CVE-2023-46747)
Thomas Hendrickson and Michael Weber of Praetorian Security, Inc. have discovered an authentication bypass vulnerability in F5 BIG-IP. Tracked as CVE-2023-46747, the vulnerability has a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution on the target system.
F5 Patches Vulnerabilities in iControl SOAP and iControl REST Running on F5 BIG-IP and BIG-IQ Devices (CVE-2022-41800 and CVE-2022-41622)
Researchers have discovered multiple security vulnerabilities in the F5 BIG-IP and BIG-IQ devices (CVE-2022-41800 and CVE-2022-41622). The vulnerabilities affect the iControl SOAP and iControl REST running on F5 BIG-IP and BIG-IQ Devices. F5’s BIG-IP is a collection of software and hardware intended to improve application availability, access management, and security. iControl is the first … Continue reading “F5 Patches Vulnerabilities in iControl SOAP and iControl REST Running on F5 BIG-IP and BIG-IQ Devices (CVE-2022-41800 and CVE-2022-41622)”
F5 BIG-IP iControl REST Remote Code Execution Vulnerability (CVE-2022-1388)
A critical Remote Code Execution vulnerability has been reported in the F5 BIG-IP iControl REST API. The vulnerability is being tracked as CVE-2022-1388. A proof of concept for the vulnerability is available and is being actively exploited by threat actors. Security researchers are advising F5 BIG-IP administrators to immediately install the latest security patch. … Continue reading “F5 BIG-IP iControl REST Remote Code Execution Vulnerability (CVE-2022-1388)”