Thomas Hendrickson and Michael Weber of Praetorian Security, Inc. have discovered an authentication bypass vulnerability in F5 BIG-IP. Tracked as CVE-2023-46747, the vulnerability has a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an attacker to perform remote code execution on the target system.
Tag: F5 BIG-IP
F5 Patches Vulnerabilities in iControl SOAP and iControl REST Running on F5 BIG-IP and BIG-IQ Devices (CVE-2022-41800 and CVE-2022-41622)
Researchers have discovered multiple security vulnerabilities in the F5 BIG-IP and BIG-IQ devices (CVE-2022-41800 and CVE-2022-41622). The vulnerabilities affect the iControl SOAP and iControl REST running on F5 BIG-IP and BIG-IQ Devices. F5’s BIG-IP is a collection of software and hardware intended to improve application availability, access management, and security. iControl is the first … Continue reading “F5 Patches Vulnerabilities in iControl SOAP and iControl REST Running on F5 BIG-IP and BIG-IQ Devices (CVE-2022-41800 and CVE-2022-41622)”
F5 BIG-IP iControl REST Remote Code Execution Vulnerability (CVE-2022-1388)
A critical Remote Code Execution vulnerability has been reported in the F5 BIG-IP iControl REST API. The vulnerability is being tracked as CVE-2022-1388. A proof of concept for the vulnerability is available and is being actively exploited by threat actors. Security researchers are advising F5 BIG-IP administrators to immediately install the latest security patch. … Continue reading “F5 BIG-IP iControl REST Remote Code Execution Vulnerability (CVE-2022-1388)”