F5 has reportedly issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. The vulnerability is tracked as CVE-2022-1388 and has a CVSS v3 severity rating of 9.8, categorized as critical. Exploitation can potentially lead to a complete system takeover.
F5 iControl REST API exposed?
curl -sk https://$host/mgmt/shared/authn/login
📍 CVE-2022-1388 (Auth bypass to RCE) 👀
REF: https://t.co/OOuyTwbnty
* This only verifies the presence of the API by hitting the authentication endpoint (https://t.co/SdVNXAQ0Na)
— Germán Fernández (@1ZRR4H) May 5, 2022
Commenting on this story,
About the Author
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security.