F5 BIG-IP iControl SOAP Remote Code Execution Vulnerability (CVE-2023-22374) Alert

February 6, 2023

Overview

Recently, NSFOCUS CERT found that the technical details of the F5 BIG-IP arbitrary code execution vulnerability (CVE-2023-22374) were publicly disclosed online. Due to the format string vulnerability in BIG-IP iControl SOAP, a remote attacker with administrator privileges can access the iControl SOAP interface through the BIG-IP management port or its own IP address, so […]

Millions of Devices May Be Affected, and Yeskit Botnet Family Spreads on a Massive Scale by Exploiting F5 BIG-IP Vulnerability

June 2, 2022

Background

On May 4, 2022, F5 issued a security bulletin regarding a remote code execution vulnerability in the iControl REST component of BIG-IP products. The CVE number of the vulnerability is CVE-2022-1388. The vulnerability allows attackers to bypass authentication and remotely execute arbitrary code, and has a CVSS score of up to 9.8. Since the bulletin, attackers have […]

F5 BIG-IP iControl REST Authentication Bypass Vulnerability (CVE-2022-1388) Alert

May 11, 2022

Overview

Recently, NSFOCUS CERT detected that F5 issued a security bulletin to fix an authentication bypass vulnerability in BIG-IP. Unauthenticated attackers with network access to the iControl REST interface, through the BIG-IP management interface or its own IP address, can exploit the vulnerability to execute arbitrary system commands, create or delete files, and […]

F5 BIG-IP/BIG-IQ High-Risk Vulnerabilities Threat Alert

March 24, 2021

Vulnerability Description

On March 11, NSFOCUS observed that F5 released a security bulletin to announce the fix of multiple high-risk vulnerabilities, CVE-2021-22986, CVE-2021-22987, CVE-2021-22988, CVE-2021-22989, CVE-2021-22990, CVE-2021-22991, and CVE-2021-22992, which affect F5 BIG-IP and BIG-IQ. Users are advised to take preventive measures as soon as possible. BIG-IP is an F5 application delivery platform that […]

F5 BIG-IP TMUI Remote Code Execution Vulnerability (CVE-2020-5902) Threat Alert

July 24, 2020

Vulnerability Description

Recently, NSFOCUS detected that F5 had updated its security advisory on the Traffic Management User Interface (TMUI) remote code execution vulnerability (CVE-2020-5902). The affected 15.x versions were changed to 15.0.0–15.1.0, and bypassable workarounds and validation methods were updated. By accessing the TMUI via the BIG-IP management port or its own IP addresses, unauthenticated attackers could craft malicious requests to obtain the privileges of target servers. The vulnerability has a CVSS score of 10. Currently, Metasploit (msf) has integrated an exploit for the vulnerability. Users affected by the vulnerability are advised to take measures as soon as possible.


