F5 Developing Fix for BIG-IP Vulnerability That Could Cause Denial of Service and Allow for Code Execution

F5 has warned of a serious format string vulnerability in BIG-IP that could allow an authenticated attacker to cause a denial-of-service and potentially execute malicious code. This security issue, tracked as CVE-2023-22374, affects iControl SOAP, an open API that allows communication between systems and runs as root. It is accessible from the network, either through the BIG-IP management port or self IP addresses, and is only available to administrative accounts. Rapid7, which discovered the bug, explains that exploitation is possible by inserting format string specifiers into certain parameters that are passed into the syslog function, which leads to the service reading and writing memory addresses from the stack. The attacker cannot read the memory unless they have access to the syslog. It is difficult to influence the specific addresses read and written, making this vulnerability hard to exploit in practice. An attacker could crash the service by using the %s specifier, and could use the %n specifier to write arbitrary data to any pointer in the stack, which could potentially lead to remote code execution. To exploit the flaw for code execution, an attacker would need to gather information about the environment running the vulnerable component. The most likely outcome of a successful attack is to crash the server process. A skilled attacker could potentially develop a remote code execution exploit, which would run code on the F5 BIG-IP device as the root user. The vulnerability affects BIG-IP versions 13.1.5, 14.1.4.6 to 14.1.5, 15.1.5.1 to 15.1.8, 16.1.2.2 to 16.1.3, and 17.0.0. F5 is working on an engineering hotfix, but no patch is currently available. To prevent exploitation, access to the iControl SOAP API should be limited to trusted users. CVE-2023-22374 has a CVSS score of 7.5 for BIG-IP systems in standard deployment mode, and a CVSS score of 8.5 for BIG-IP instances in application mode. F5 has warned of a serious format string vulnerability in BIG-IP that could allow an authenticated attacker to cause a denial-of-service and potentially execute malicious code. This security issue, tracked as CVE-2023-22374, affects iControl SOAP, an open API that allows communication between systems and runs as root. It is accessible from the network, either through the BIG-IP management port or self IP addresses, and is only available to administrative accounts. Rapid7, which identified the bug, explains that exploitation is possible by inserting format string specifiers into certain parameters that are passed into the syslog function, resulting in the service reading and writing memory addresses from the stack. The attacker cannot read the memory unless they have access to the syslog. It is difficult to influence the specific addresses read and written, making this vulnerability hard to exploit in practice. An attacker could crash the service by using the %s specifier, and could use the %n specifier to write arbitrary data to any pointer in the stack, which could potentially lead to remote code execution. To exploit the flaw for code execution, an attacker would need to collect information about the environment running the vulnerable component. The most likely outcome of a successful attack is to crash the server process. A skilled attacker could potentially develop a remote code execution exploit, which would run code on the F5 BIG-IP device as the root user. The vulnerability affects BIG-IP versions 13.1.5, 14.1.4.6 to 14.1.5, 15.1.5.1 to 15.1.8, 16.1.2.2 to 16.1.3, and 17.0.0. F5 is working on an engineering hotfix, but no patch is currently available. To prevent exploitation, access to the iControl SOAP API should be restricted to trusted users. CVE-2023-22374 has a CVSS score of 7.5 for BIG-IP systems in standard deployment mode, and a CVSS score of 8.5 for BIG-IP instances in application mode. F5 has warned of a high-severity format string vulnerability in BIG-IP that could allow an authenticated attacker to cause a denial-of-service condition and potentially execute arbitrary code. Tracked as CVE-2023-22374, the security defect impacts iControl SOAP, an open API that enables communication between systems, which runs as root. This interface is accessible from the network, either via the BIG-IP management port and/or self IP addresses, and is limited to administrative accounts. Rapid7, which identified the bug, explains that exploitation is possible by inserting format string specifiers into specific parameters that are passed into the syslog function, resulting in the service reading and writing memory addresses referenced

This Cyber News was published on www.securityweek.com. Publication date: Thu, 02 Feb 2023 18:13:02 +0000


Cyber News related to F5 Developing Fix for BIG-IP Vulnerability That Could Cause Denial of Service and Allow for Code Execution

F5 Developing Fix for BIG-IP Vulnerability That Could Cause Denial of Service and Allow for Code Execution - F5 has warned of a serious format string vulnerability in BIG-IP that could allow an authenticated attacker to cause a denial-of-service and potentially execute malicious code. This security issue, tracked as CVE-2023-22374, affects iControl SOAP, an ...
1 year ago Securityweek.com
CVE-2015-7393 - dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.3.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, ...
8 years ago
CVE-2015-8099 - F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, 11.6.x before ...
5 years ago
CVE-2016-5022 - F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1 HF1, and 12.x before 12.0.0 HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x ...
5 years ago
CVE-2015-5516 - Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, BIG-IP AAM 11.4.x, 11.5.x before 11.5.3 ...
5 years ago
Holistic Approach To Privacy and Security in Tech - In this article, I would like to explain how I tackle privacy and security issues that are specific for large scale web and mobile applications and Big Tech. First, let's outline some of the biggest challenges Big Tech companies deal with in terms of ...
1 year ago Feeds.dzone.com
CVE-2015-7394 - The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, ...
5 years ago
CVE-2016-2084 - F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.x, 11.4.x before 11.4.1 build 685-HF10, 11.5.1 before build 10.104.180, 11.5.2 before 11.5.4 build 0.1.256, 11.6.0 before build 6.204.442, and 12.0.0 before build 1.14.628; BIG-IP ...
8 years ago
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
9 months ago Cisa.gov
CVE-2016-5021 - The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.5.x before 11.5.4, 11.6.x before 11.6.1, and 12.x before 12.0.0 HF3; BIG-IP DNS 12.x before 12.0.0 HF3; BIG-IP GTM 11.5.x before 11.5.4 and 11.6.x ...
8 years ago
CVE-2015-3628 - The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and ...
5 years ago
CVE-2016-6876 - The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2.4, 11.2.1, 11.4.x, 11.5.x before 11.5.4 HF2, 11.6.x before 11.6.1, and 12.0.0 before HF3; BIG-IP AAM, AFM, and PEM 11.4.x, 11.5.x before 11.5.4 HF2, ...
5 years ago
The Dark Side of Digital Reading: E-Books as Corporate Surveillance Tools - Americans are reading digital books at a rate of three out of ten. In a market where the majority of readers are subject to both Big Publishing's greed and those of Big Tech, it is no surprise that these readers are subject to both the greed of Big ...
1 year ago Cysecurity.news
CVE-2009-0506 - Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 ...
7 years ago
Developing Software Applications Under the Guidance of Data-Driven Decision-Making Principles - To architect and cultivate an application that yields precise outputs in alignment with business requirements, paramount emphasis must be given to the foundational data and the pertinent data scenarios shaping the application. Software application ...
10 months ago Feeds.dzone.com
Developing Cybersecurity Awareness Programs for Schools - Schools are increasingly becoming targets for cyberattacks, necessitating the development of robust cybersecurity awareness programs. Ultimately, a comprehensive cybersecurity awareness program is essential for schools to mitigate risks, enhance ...
11 months ago Securityzap.com
Fake F5 BIG-IP zero-day warning emails push data wipers - The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers. Israel's National Cyber Directorate acts as the CERT responsible for protecting the country ...
1 year ago Bleepingcomputer.com
CVE-2020-5947 - In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP ...
4 years ago
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
8 months ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)