https://www.sunoltech.com/f5-local-traffic-manager-r10920-fips-ready/
F5 F5-BIG-LTM-R10920-DF BIG-IP APPLIANCE: LOCAL TRAFFIC MANAGER R10920 FIPS READY @f5 #bigip #r10920 #appliance #locl #traffic #manager @SunolTech

#F5 fixed a high-severity elevation of privilege vulnerability in BIG-IP
https://securityaffairs.com/170022/security/f5-patches-big-ip-elevation-of-privilege-bug.html
#securityaffairs #hacking #bigip

Hackers use #F5 #BIGIP malware to stealthily steal data for years

https://www.bleepingcomputer.com/news/security/hackers-use-f5-big-ip-malware-to-stealthily-steal-data-for-years

Critical #vulnerabilities in BIG-IP appliances leave big networks open to #intrusion
#security #privacy #BIGIP

https://arstechnica.com/?p=2022973

I stood up a very simple F5 BIG-IP honeypot this week, and saw some familiar traffic hitting it. Thought it'd be fun to share some observations on what I'm seeing on our Labs blog :)

https://www.labs.greynoise.io/grimoire/2023-12-14-if-youre-going-to-spray-my-exploit/

@greynoise #honeypot #exploit #poc #f5 #bigip #metasploit

BIG-IP iRule or LTM policy may generate multiple HTTP redirect responses:

A security advisory highlights a vulnerability in BIG-IP systems that can result in the generation of multiple HTTP redirect responses when certain conditions are met. This occurs if a virtual server has specific configurations, including an iRule or LTM policy for redirecting HTTP requests based on request content, and if it processes a malformed HTTP request. The impact of this vulnerability can lead to multiple unexpected HTTP redirect responses being cached by intermediate systems and received by clients. F5 has assigned IDs to this issue and classified it as CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'). Users are recommended to update to fixed versions or apply a mitigation iRule to affected virtual servers.

#BigIP #Irule #K000137322 #SecurityAdvisory

F5 Security Advisory K000137322

🚨Cyber Alert🚨
F5 warns of a critical BIG-IP flaw (CVE-2023-46747) exploited actively. Linked to another vulnerability (CVE-2023-46748), patches are available. The Shadowserver Foundation observed attempts since 10/30/23.

#f5 #cyber #cybersecurity #infosec #technews #tech #technology #infosec #informationsecurity #it #informationtechnology #hacking #BIGIP

"🔓 BIG-IP and BIG-IQ iControl SOAP Vulnerability Alert 🔓"

A vulnerability (CVE-2023-38419) has been discovered in BIG-IP and BIG-IQ iControl SOAP. Stay safe and update your software! 💻🔒

Source: AusCERT

Tags: #BIGIP #BIGIQ #iControlSOAP #Vulnerability #Cybersecurity #CVE202338419

Well it appears our #BigIP, our VPN client is down too which means our phone client is out also.

#API management (APIM): What It Is and Where It’s Going
https://securityaffairs.com/141738/security/api-management-apim.html
#securityaffairs #hacking #BIGIP

A High-severity bug in #F5 BIG-IP can lead to code execution and DoS
https://securityaffairs.com/141728/security/f5-big-ip-bug.html
#securityaffairs #hacking #BIGIP

Wrote up a pair of #AttackerKB entries for the two vulnerabilities in #F5 #BigIP that we released today (largely the same as the blog, but more focus on technical and less on the story):

https://attackerkb.com/topics/i21EbdNxks/cve-2022-41622/rapid7-analysis

https://attackerkb.com/topics/ZClTQn4aG4/cve-2022-41800/rapid7-analysis

A couple of #F5 CVEs dropped today outside of our normal notification cadence.

TL;DR: If you haven't left your #BIGIP or #BIGIQ management interfaces open to the world, you're probably in pretty good shape, but still go and read the notification; there are additional mitigation steps in the CVE articles: https://support.f5.com/csp/article/K97843387

Also check out the video @aubreykingf5 posted from DevCentral with some more details about the vulns, impact, and mitigation: https://youtu.be/qRoc0sXlHUg

#infosec

I'm excited to share of my work that came out today! Specifically, a handful of vulnerabilities in #F5 #BIGIP devices that I worked on through the summer, and worked with the vendor to get patched (F5 was awesome to work with, btw!).

I wrote a super detailed #blog post, and also wrote a full PoC. #Metasploit modules (both for the exploits and some post-exploitation data-gathering) are incoming as well!

The most important of the issues is #RCE via a #CSRF vulnerability in the #SOAP interface (#CVE_2022_41622), which is pretty cool (though requires a confluence of conditions to actually matter). I also had to bypass #SELinux to actually exploit this on the path I chose, which is kinda cool.

The other is authenticated RCE, to which they assigned #CVE_2022_41800, though even I, the person who found it, doesn't really think it's a big deal. It's a nice way to get a #Meterpreter session on your test box, at least?

I also published a bunch of my #tools for analyzing F5, including scripts to build, parse, and #MitM requests to their proprietary (I think?) database protocol (these require a valid login to use, but there's no user separation so there's a bit of #LPE).

I'll also be speaking about this research in much more detail (as much as I can in 45 minutes :) ) in my #HushCon talk on Dec 2!

Ces deux #failles critiques ont été exploitées par des hackers d'État. La Cybersecurity and Infrastructure Security Agency (#CISA) a alerté sur le fait que plusieurs #failles étaient activement exploitées par des hackers d’État, dont deux sont considérées comme critiques.
https://www.clubic.com/antivirus-securite-informatique/virus-hacker-piratage/piratage-informatique/actualite-423660-ces-deux-failles-critiques-ont-ete-exploitees-par-des-hackers-d-etat.html
#sécurité #vulnérabilités #VMware #BIGIP

#Mitigation through #F5 #BIGIP #ASM of #Citrix Application Delivery Controller (ADC) and Gateway– Remote Code Execution (#CVE-2019-19781)
https://devcentral.f5.com/s/articles/Citrix-Application-Delivery-Controller-ADC-and-Gateway-Remote-Code-Execution-CVE-2019-19781