Finding F5 BIG-IP instances
Technology vendor F5 recently published information on over 40 vulnerabilities, mostly affecting their BIG-IP line of products. While these vulnerabilities include a mix of types and severities, a particular authentication bypass vulnerability that can affect all BIG-IP modules was concerning enough that CISA specifically called it out in a post this week.
Known as CVE-2022-1388 (CVSS “critical” score of 9.8), a vulnerable BIG-IP target can allow for takeover by an unauthenticated attacker via network connection or management port. Once connected to a vulnerable target, successful exploitation is achieved via a crafted HTTP request sent by the attacker, bypassing iControl REST authentication and providing the attacker full access and control. F5 does add that there is no data plane exposure via exploitation of this vulnerability, rather “this is a control plane issue only”.
Patches have been made available by F5 for CVE-2022-1388, as well for many of the other vulnerabilities included in their security advisory overview. Guidance also includes mitigation steps if immediate or near-term patching is not an option.
_asset.protocol:http AND protocol:http AND (service.vendor:F5 OR html.title:"=BIG-IP%" OR html.copyright:"F5 Networks, Inc" OR http.body:"/tmui/" OR favicon.ico.image.md5:04d9541338e525258daf47cc844d59f3)
Don’t have Rumble and need help finding potentially vulnerable BIG-IP assets? Start your Rumble trial today.
May 12, 2022
Wrangling the May 2022 Patch Tuesday
Microsoft recently released security updates for over 70 vulnerabilities, including 3 zero-days and 7 critical vulnerabilities that affect a wide-range of their products and services. The list of patches covers an actively exploited zero-day vulnerability in the Windows …Read More
April 29, 2022
Finding Netatalk instances
A critical vulnerability in the Netatalk open source file server software was found in some popular network attached storage (NAS) devices. Netatalk provides services for the deprecated AFP (Apple Filing Protocol, formerly known as Appletalk Filing Protocol), and runs on a …Read More
March 30, 2022
Finding Kaspersky AV on your Windows endpoints
Late last week, the U.S. Federal Communications Commission announced it had added Russian-based Kaspersky Lab to its Covered List, maintained by the FCC to identify “entities that pose an unacceptable risk to U.S. national security.” This follows a 2017 action by the U.S. …Read More