Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence.
The remotely exploitable flaws "can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next
F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure, resulting in the execution of arbitrary system commands as part of an exploit chain.
Tracked as CVE-2023-46747 (CVSS score: 9.8), the vulnerability allows an unauthenticated attacker with network access to the BIG-IP system through the management port to achieve code execution. A
F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution.
The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP -
13.1.5
14.1.4.6 - 14.1.5
15.1.5.1 - 15.1.8
16.1.2.2 - 16.1.3, and
17.0.0
"A format string vulnerability exists in iControl SOAP
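The bug class named in this advisory, as an added illustration written for this page (it is not F5's iControl SOAP code and does not reproduce the actual flaw): a C logging wrapper that takes a printf-style format is safe only while the format is a literal the program controls. The moment a caller passes attacker-supplied text as the format, `%x`/`%s` directives read stack slots that were never passed (an invalid pointer read under `%s` is the DoS case) and `%n` writes a counter through such a slot, which is what turns the class into arbitrary code execution. The hardened variant pins the format to `"%s"`; `scan_format` is an audit helper assumed for this example, not an F5 tool, that flags directives in untrusted input so a service can reject or log them before they reach a format API.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Logging wrapper of the kind found in many C services. It is correct
 * only when 'fmt' is a literal controlled by the program itself. */
static int log_message(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return written;
}

/* VULNERABLE: attacker-controlled text is used as the format string.
 * Input such as "%x%x%x%n" is interpreted, not printed. */
static int log_untrusted_bad(char *out, size_t n, const char *user)
{
    return log_message(out, n, user);
}

/* FIXED: the format is a literal; user data is only ever an argument. */
static int log_untrusted_good(char *out, size_t n, const char *user)
{
    return log_message(out, n, "%s", user);
}

/* Returns 1 if 'user' survives the fixed logging path byte-for-byte,
 * i.e. directives in it are treated as data. */
static int logs_verbatim(const char *user)
{
    char buf[128];
    return log_untrusted_good(buf, sizeof buf, user) == (int)strlen(user)
        && strcmp(buf, user) == 0;
}

/* Audit helper (assumed for this example): count printf conversion
 * directives in a string. 'writes' counts %n (memory write primitive),
 * 'reads_ptr' counts %s/%p (dereference or leak of a stack value). */
struct fmt_report { int directives; int writes; int reads_ptr; };

static struct fmt_report scan_format(const char *s)
{
    struct fmt_report r = {0, 0, 0};
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                     /* "%%" is a literal percent */
            continue;
        if (*p == '\0')
            break;
        while (*p && strchr("-+ #0'", *p)) p++;            /* flags */
        if (*p == '*') { r.directives++; p++; }            /* width from arg */
        else while (isdigit((unsigned char)*p)) p++;
        if (*p == '.') {                                    /* precision */
            p++;
            if (*p == '*') { r.directives++; p++; }
            else while (isdigit((unsigned char)*p)) p++;
        }
        while (*p && strchr("hlLjztq", *p)) p++;            /* length modifiers */
        if (*p == '\0')
            break;
        r.directives++;                                     /* conversion char */
        if (*p == 'n') r.writes++;
        else if (*p == 's' || *p == 'p') r.reads_ptr++;
    }
    return r;
}

int main(void)
{
    /* Constructed sample of what an attacker would send to a field that
     * ends up in a log line: leak 3 stack words, then write via %n. */
    const char *payload = "%x%x%x%n";
    struct fmt_report r = scan_format(payload);
    printf("directives=%d writes=%d pointer reads=%d\n",
           r.directives, r.writes, r.reads_ptr);

    /* Policy a service can apply: never let such input reach a format API. */
    if (r.directives)
        printf("rejecting untrusted input containing format directives\n");

    char buf[128];
    log_untrusted_good(buf, sizeof buf, payload);
    printf("fixed path logs it as data: %s\n", buf);
    /* log_untrusted_bad(buf, sizeof buf, payload) is deliberately not
     * executed: that call is the vulnerability. */
    return 0;
}
```

The scanner recognises the full directive grammar (flags, `*` width and precision, length modifiers), so `%08lx %.*s` is correctly reported as three argument-consuming directives rather than two; `%%` is not counted because it produces a literal percent sign and consumes nothing.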
A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information.
Web application firewalls are a key line of defense to help filter, monitor, and block HTTP(S) traffic to and from a web application, and safeguard against attacks such as cross-site
Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, could allow an attacker to completely compromise affected systems.
Cybersecurity firm Rapid7 said the flaws could be abused to gain remote access to the devices and defeat security constraints. The issues impact BIG-IP versions 13.x, 14.x, 15.x, 16.x, and 17.x, and BIG-IQ Centralized Management versions 7.x