The Hacker News
Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover
May 9^th 2024 at 06:11

Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover

By: Newsroom

Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize control of the devices and create hidden rogue administrator accounts for persistence. The remotely exploitable flaws "can give attackers full administrative control of the device, and subsequently allow attackers to create accounts on any F5 assets managed by the Next

The Hacker News
Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability
November 1^st 2023 at 04:53

Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

By: Newsroom

F5 is warning of active abuse of a critical security flaw in BIG-IP less than a week after its public disclosure, resulting in the execution of arbitrary system commands as part of an exploit chain. Tracked as CVE-2023-46747 (CVSS score: 9.8), the vulnerability allows an unauthenticated attacker with network access to the BIG-IP system through the management port to achieve code execution. A

The Hacker News
New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products
February 3^rd 2023 at 07:26

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

By: Ravie Lakshmanan

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution. The issue is rooted in the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP - 13.1.5 14.1.4.6 - 14.1.5 15.1.5.1 - 15.1.8 16.1.2.2 - 16.1.3, and 17.0.0 "A format string vulnerability exists in iControl SOAP

The Hacker News
Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls
December 10^th 2022 at 06:18

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

By: Ravie Lakshmanan

A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information. Web application firewalls are a key line of defense to help filter, monitor, and block HTTP(S) traffic to and from a web application, and safeguard against attacks such as cross-site

The Hacker News
High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices
November 17^th 2022 at 06:58

High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices

By: Ravie Lakshmanan

Multiple security vulnerabilities have been disclosed in F5 BIG-IP and BIG-IQ devices that, if successfully exploited, to completely compromise affected systems. Cybersecurity firm Rapid7 said the flaws could be abused to remote access to the devices and defeat security constraints. The issues impact BIG-IP versions 13.x, 14.x, 15.x, 16.x, and 17.x, and BIG-IQ Centralized Management versions 7.x

🏷️ My labels
- ❌
Article tags
November 17^th 2022 at 06:58

FreshRSS

Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover

Alert: F5 Warns of Active Attacks Exploiting BIG-IP Vulnerability

New High-Severity Vulnerabilities Discovered in Cisco IOx and F5 BIG-IP Products

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

High Severity Vulnerabilities Reported in F5 BIG-IP and BIG-IQ Devices