Cyber Security

BIG-IP: Proof-of-concept released for RCE vulnerability in F5 network management tool

A proof-of-concept (PoC) has been developed for a critical vulnerability in F5’s BIG-IP networking software which could expose thousands of users to remote takeover.

The vulnerability, tracked as CVE-2022-1388, could allow an attacker to make undisclosed requests to bypass iControl REST authentication.

If exploited, an unauthenticated user could gain remote code execution (RCE) on an affected device.

Thousands vulnerable

Disclosed last week, the bug affects multiple versions of the network management software, which is said to be used by more than 35,000 companies.

“This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services,” a security advisory warns.

“There is no data plane exposure; this is a control plane issue only.”

PoCs are now being released for the vulnerability, as threat research teams warn users to patch immediately.

Both PT Swarm and Horizon3 Attack Team have released separate PoCs. Both urge users to apply the fix if possible.

Mitigations

F5 has published a list of vulnerable versions and has shared advice on how to protect against the flaw.

The advice reads: “If you are running a version listed in the versions known to be vulnerable column, you can eliminate this vulnerability by installing a version listed in the fixes introduced in column.

“If the fixes introduced in column does not list a version for your branch, then no update candidate currently exists for that branch and F5 recommends upgrading to a version with the fix (refer to the table).

“If the fixes introduced in column lists a version prior to the one you are running, in the same branch, then your version should have the fix.”

Paul Bischoff, privacy advocate at Comparitech, commented: “App developers using BIG-IP services should immediately take steps to mitigate the vulnerability until a patch is ready.

“Those steps include blocking access to the iControl REST interface of your BIG-IP system, restricting access only to trusted users and devices, and/or modifying the BIG-IP httpd configuration.

“Apps using BIG-IP can easily be discovered and targeted using a search engine like Shodan, so developers should expect attackers to exploit vulnerable systems in the near future.”

Advertisement. Scroll to continue reading.

Source: https://portswigger.net/daily-swig/big-ip-proof-of-concept-released-for-rce-vulnerability-in-f5-network-management-tool

Click to comment

You May Also Like

Business News

Cummins Inc. has approved its high-horsepower diesel engines across all ratings for use with unblended paraffinic fuels (EN15940), often referred to as renewable diesel,...

Business News

PT BAUER Pratama Indonesia, the Indonesian subsidiary of BAUER Spezialtiefbau GmbH, was commissioned to manufacture the retaining walls for the basement in Kota Station...

Business News

The European Anti-Fraud Office (OLAF) has put forth a recommendation to halt the €140 million renovation project for the Kostenets-Septemvri railway in Bulgaria, while...

Business News

According to an official news release, Turner Construction has officially commenced a US$100 million renovation project at Albany International Airport, located in upstate New...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO

Exit mobile version