Millions of Devices May Be Affected, and Yeskit Botnet Family Spreads on a Massive Scale by Exploiting F5 BIG-IP Vulnerability

June 2, 2022

Background: On May 4, 2022, F5 issued a security bulletin regarding a remote code execution vulnerability in the iControl REST component of BIG-IP products. The vulnerability is tracked as CVE-2022-1388. It allows an attacker to bypass authentication and remotely execute arbitrary code, and has a CVSS score of up to 9.8. Since the bulletin, attackers have […]

F5 BIG-IP iControl REST Authentication Bypass Vulnerability (CVE-2022-1388) Alert

May 11, 2022

Overview: Recently, NSFOCUS CERT detected that F5 issued a security bulletin to fix an authentication bypass vulnerability in BIG-IP. Unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface or its own IP address, can exploit the vulnerability to execute arbitrary system commands, create or delete files, and […]

