#API management (APIM): What It Is and Where It’s Going
https://securityaffairs.com/141738/security/api-management-apim.html
#securityaffairs #hacking #BIGIP

A High-severity bug in #F5 BIG-IP can lead to code execution and DoS
https://securityaffairs.com/141728/security/f5-big-ip-bug.html
#securityaffairs #hacking #BIGIP

F5 risolve due pericolose RCE che possono portare alla compromissione di BIG-IP e BIG-IQ

Gli sviluppatori di #F5 hanno rilasciato #correzioni per i prodotti #BIGIP e #BIGIQ. Le #patch hanno risolto due gravi #vulnerabilità che potevano consentire agli aggressori non autenticati di eseguire in remoto codice arbitrario (#RCE) su #endpoint vulnerabili.

Fortunatamente, lo sfruttamento di entrambi i problemi richiede il rispetto di determinate condizioni, il che rende difficile sfruttare queste #vulnerabilità. Tuttavia, F5 avverte che uno sfruttamento riuscito può portare alla completa #compromissione dei dispositivi.

#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity

https://lnkd.in/dgRMZV5C

#F5 fixes two #RCE flaws in #BIGIP, #BIGIQ https://www.bleepingcomputer.com/news/security/f5-fixes-two-remote-code-execution-flaws-in-big-ip-big-iq/

Wrote up a pair of #AttackerKB entries for the two vulnerabilities in #F5 #BigIP that we released today (largely the same as the blog, but more focus on technical and less on the story):

https://attackerkb.com/topics/i21EbdNxks/cve-2022-41622/rapid7-analysis

https://attackerkb.com/topics/ZClTQn4aG4/cve-2022-41800/rapid7-analysis

A couple of #F5 CVEs dropped today outside of our normal notification cadence.

TL;DR: If you haven't left your #BIGIP or #BIGIQ management interfaces open to the world, you're probably in pretty good shape, but still go and read the notification; there are additional mitigation steps in the CVE articles: https://support.f5.com/csp/article/K97843387

Also check out the video @aubreykingf5 posted from DevCentral with some more details about the vulns, impact, and mitigation: https://youtu.be/qRoc0sXlHUg

#infosec

I'm excited to share of my work that came out today! Specifically, a handful of vulnerabilities in #F5 #BIGIP devices that I worked on through the summer, and worked with the vendor to get patched (F5 was awesome to work with, btw!).

I wrote a super detailed #blog post, and also wrote a full PoC. #Metasploit modules (both for the exploits and some post-exploitation data-gathering) are incoming as well!

The most important of the issues is #RCE via a #CSRF vulnerability in the #SOAP interface (#CVE_2022_41622), which is pretty cool (though requires a confluence of conditions to actually matter). I also had to bypass #SELinux to actually exploit this on the path I chose, which is kinda cool.

The other is authenticated RCE, to which they assigned #CVE_2022_41800, though even I, the person who found it, doesn't really think it's a big deal. It's a nice way to get a #Meterpreter session on your test box, at least?

I also published a bunch of my #tools for analyzing F5, including scripts to build, parse, and #MitM requests to their proprietary (I think?) database protocol (these require a valid login to use, but there's no user separation so there's a bit of #LPE).

I'll also be speaking about this research in much more detail (as much as I can in 45 minutes :) ) in my #HushCon talk on Dec 2!

For all my dudes named Ben out there:

*****WARNING*****

If you are upgrading your #bigip and staying on version 12, the version you need is 12.1.5.3 has a memory leak and you NEED an engineering hot fix from F5. #f5 #netops #devops #secops #cloud #adc

https://lnkd.in/dE9UESg