On F5 BIG-IP 16.1.x versions before 16.1.2.2, 15.1.x versions before 15.1.5.1, 14.1.x versions before 14.1.4.6, 13.1.x versions before 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Vulnerable Product |
---|
f5 big-ip access policy manager |
f5 big-ip advanced firewall manager |
f5 big-ip analytics |
f5 big-ip application acceleration manager |
f5 big-ip application security manager |
f5 big-ip domain name system |
f5 big-ip fraud protection service |
f5 big-ip global traffic manager |
f5 big-ip link controller |
f5 big-ip local traffic manager |
f5 big-ip policy enforcement manager |
BIG-IP iControl authentication bypass, NFV VM escape, and more
F5 Networks and Cisco this week issued warnings about serious, and in some cases critical, security vulnerabilities in their products. F5 officials said Thursday its most serious issue, a critical flaw in its iControl REST framework with a severity score of 9.8 out of 10, could be exploited to bypass the authentication software, used by its BIG-IP portfolio, and hijack equipment. Specifically, the vulnerability, tracked as CVE-2022-1388, can be abused by miscreants to, among other things, run ma...
Fast-evolving botnet targets critical VMware, F5 BIG-IP bugs, we're told
The botnet malware EnemyBot has added exploits to its arsenal, allowing it to infect and spread from enterprise-grade gear. What's worse, EnemyBot's core source code, minus its exploits, can be found on GitHub, so any miscreant can use the malware to start crafting their own outbreaks of this software nasty. The group behind EnemyBot is Keksec, a collection of experienced developers, also known as Nero and Freakout, that have been around since 2016 and have launched a number of Linux- and Window...
Palo Alto Networks Unit 42 incident response team warns of patch speedups
Palo Alto Networks' annual Unit 42 incident response report is out, warning of an ever-decreasing gap between vulnerability disclosures and an increase in cybercrime. "The 2022 Attack Surface Management Threat Report found that attackers typically start scanning for vulnerabilities within 15 minutes of a CVE being announced," the vendor says. It adds: "Palo Alto Networks released a Threat Prevention signature for the F5 BIG-IP Authentication Bypass Vulnerability (CVE-2022-1388), and within just ...