Vulnerabilities of Serious Risk Found in Cisco IOx and F5 BIGIP Products

F5 has warned of a serious vulnerability in BIG-IP appliances that could lead to denial-of-service or arbitrary code execution. This issue is related to the iControl Simple Object Access Protocol interface and affects certain versions of BIG-IP. According to F5, a format string vulnerability in iControl SOAP could allow an authenticated attacker to crash the iControl SOAP CGI process or potentially execute arbitrary code. If exploited in appliance mode, the attacker could cross a security boundary. The vulnerability, tracked as CVE-2023-22374, was discovered and reported by security researcher Ron Bowes of Rapid7 on December 6, 2022. As the iControl SOAP interface runs as root, a successful exploit could permit a threat actor to remotely trigger code execution on the device as the root user. This can be done by inserting arbitrary format string characters into a query parameter that is passed to a logging function called syslog. F5 has released an engineering hotfix to address the problem, and is recommending users restrict access to the iControl SOAP API to only trusted users. In addition, Cisco has released updates to fix a flaw in Cisco IOx application hosting environment that could allow an authenticated, remote attacker to execute arbitrary commands as root on the underlying host operating system. Trellix, the cybersecurity firm that identified the issue, warned of the potential supply chain threats, as a bad actor could use the exploit to maliciously tamper with one of the affected Cisco devices. They also discovered a security check bypass during TAR archive extraction, which could allow an attacker to write on the underlying host operating system as the root user. Cisco has since remediated the defect, and stated that the vulnerability poses no immediate risk.

This Cyber News was published on thehackernews.com. Publication date: Fri, 03 Feb 2023 08:31:03 +0000


Cyber News related to Vulnerabilities of Serious Risk Found in Cisco IOx and F5 BIGIP Products

CVE-2019-6675 - BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the ...
5 years ago
16 top ERM software vendors to consider in 2024 - Enterprise risk management software helps organizations identify, mitigate and remediate business risks, which can lead to improved business performance. The risk management market is rapidly evolving from separate tools across different risk domains ...
1 year ago Techtarget.com
Meet the Cisco Security Risk Score - In April 2023, we rebranded our risk-based vulnerability management solution, Kenna. Effective immediately, the Kenna Risk Score is renamed to the Cisco Security Risk Score. VI is renamed to Cisco Vulnerability Intelligence, and Kenna. To strengthen ...
1 year ago Feedpress.me
Master Security by Building on Compliance with A Risk-Centric Approach - In recent years, a confluence of circumstances has led to a sharp rise in IT risk for many organizations. That's why a proactive approach to seeing, understanding, and acting on risk is key to improving the effectiveness of defenses in place to meet ...
1 year ago Cyberdefensemagazine.com
ProcessUnity Introduces Industry's All-In-One Third-Party Risk Management Platform - PRESS RELEASE. BOSTON-(BUSINESS WIRE)- ProcessUnity, provider of comprehensive end-to-end third-party risk management and cybersecurity solutions to leading enterprises, today announced the completed integration of the Global Risk Exchange. The newly ...
1 year ago Darkreading.com
Vulnerability in Cisco Industrial Devices Permits Malicious Software to Remain After Restarts - On Wednesday, Cisco released patches for a serious command injection vulnerability in the IOx application hosting environment. This vulnerability, tracked as CVE-2023-20076, is caused by parameters that are not completely sanitized when activating an ...
2 years ago Securityweek.com CVE-2023-20076
A Cybersecurity Risk Assessment Guide for Leaders - Now more than ever, keeping your cyber risk in check is crucial. In the first half of 2022's Cyber Risk Index, 85% of the survey's 4,100 global respondents said it's somewhat to very likely they will experience a cyber attack in the next 12 months. ...
2 years ago Trendmicro.com
Key elements for a successful cyber risk management strategy - In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution. Nathaniel ...
1 year ago Helpnetsecurity.com
Key Takeaways from the Gartner® Market Guide for Insider Risk Management - Insider risk incidents are on the rise and becoming more costly to contain. As a result, earlier this year, Gartner predicted that 50% of all medium to large enterprises would adopt insider risk programs. The report reveals several key findings about ...
1 year ago Securityboulevard.com
How to Complete an IT Risk Assessment - An effective security strategy needs to put managing risk at the heart of its approach. An IT risk assessment process is used by organizations to identify and prioritize the most pressing risks to their IT environment. Naturally, it focuses on IT ...
1 year ago Heimdalsecurity.com
Vulnerabilities of Serious Risk Found in Cisco IOx and F5 BIGIP Products - F5 has warned of a serious vulnerability in BIG-IP appliances that could lead to denial-of-service or arbitrary code execution. This issue is related to the iControl Simple Object Access Protocol interface and affects certain versions of BIG-IP. ...
2 years ago Thehackernews.com CVE-2023-22374
Three Things to Know About the New SEC Rules on Sharing Information and Breach Disclosure Deadlines - Recently, the Securities and Exchange Commission adopted rules about the handling and reporting of cyber risks and breaches. With these new guidelines and regulations, public companies and organizations must disclose cybersecurity incidents ...
1 year ago Cyberdefensemagazine.com
A Plan to Protect Critical Infrastructure from 21st Century Threats - On April 30th, the White House released National Security Memorandum-22 on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and ...
9 months ago Cisa.gov
Critical Start Implements Cyber Risk Assessments With Peer Benchmarking and Prioritization Engine - PRESS RELEASE. PLANO, Texas, Jan. 11, 2024 /PRNewswire/ - Today, Critical Start, a leading provider of Managed Detection and Response cybersecurity solutions and pioneer of Managed Cyber Risk Reduction, announced general availability of Critical ...
1 year ago Darkreading.com
Third-Party Security Assessments: Vendor Risk Management - As businesses rely more heavily on external vendors to provide critical services and support, the importance of effective vendor risk management strategies becomes paramount. This article explores the significance of third-party security assessments, ...
1 year ago Securityzap.com
5 Tips for Pi Day Savings at the Cisco Learning Network Store - Save 25% on select training products from the Cisco Learning Network Store for 24 hours only. Two new multicloud training courses are now available in the Cisco Learning Network Store-and they're included in the Pi Day Sale. If you are an active ...
1 year ago Feedpress.me
What's Coming to Cisco Live Europe 2024 for the Data Center Developer? - In just a week or so, Cisco Live EMEA, 2024 will be ready to sizzle at the RAI Amsterdam. From a Cisco Cloud Networking standpoint, Cisco Nexus Dashboard, Cisco ACI, and Nexus 9000 Series switches are showing up in a big way. Read on to learn what ...
1 year ago Feedpress.me
Building Data Center Infrastructure for the AI Revolution  - This is part two of a multi-part blog series on AI. Part one, Why 2024 is the Year of AI for Networking, discussed Cisco's AI networking vision and strategy. This blog will focus on evolving data center network infrastructure for supporting AI/ML ...
1 year ago Feedpress.me
The Cyber Risk Nightmare and Financial Risk Disaster of Using Personal Messaging Apps in The Workplace - This practice, which is unfortunately still widespread in an environment of relentless cyberattacks, is fraught with major cyber and financial risk. Unsecure messaging apps are a gateway for cybercriminals to access, expose and exploit an ...
1 year ago Cyberdefensemagazine.com
Cisco Adds New Security and AI Capabilities in Next Step Toward Cisco Networking Cloud Vision - PRESS RELEASE. AMSTERDAM, Feb. 6, 2024 /PRNewswire/ - CISCO LIVE EMEA - Cisco, the leader in networking and security, today introduced new capabilities and technologies across its networking portfolio that are designed to drive a more unified and ...
1 year ago Darkreading.com
CVE-2017-3852 - A vulnerability in the Cisco application-hosting framework (CAF) component of the Cisco IOx application environment could allow an authenticated, remote attacker to write or modify arbitrary files in the virtual instance running on the affected ...
7 years ago
The ONE Thing All Modern SaaS Risk Management Programs Do - Reducing SaaS risk is, without a doubt, a difficult challenge. Gaining visibility into all the SaaS apps used across an enterprise is hard enough, but it becomes an even greater challenge when only a portion of the apps go through the company's ...
11 months ago Securityboulevard.com
How to Do a Risk Analysis Service in a Software Project - Software projects are vulnerable to countless attacks, from the leak of confidential data to exposure to computer viruses, so any development team must work on an effective risk analysis that exposes any vulnerabilities in the software product. A ...
1 year ago Feeds.dzone.com
What Are the 6 Types of Risk Assessment and How Do They Work? - Risk assessment is a tool used to help quantify potential risks in a certain situation. It can be used in many different scenarios, including business operations, financial decisions, and also cybersecurity. A risk assessment helps you identify areas ...
2 years ago Thehackernews.com
CISOs Need to Take a Holistic Approach to Risk Management - Although the traditional approach to cybersecurity typically revolves around mitigating threats and vulnerabilities, these tactics are no longer enough to protect businesses effectively. There is now a need for a more comprehensive, holistic approach ...
1 year ago Feeds.fortinet.com

Latest Cyber News


Cyber Trends (last 7 days)