I'm excited to share some of my work that came out today! Specifically, a handful of vulnerabilities in #F5 #BIGIP devices that I worked on through the summer, and worked with the vendor to get patched (F5 was awesome to work with, btw!).

I wrote a super detailed #blog post, and also wrote a full PoC. #Metasploit modules (both for the exploits and some post-exploitation data-gathering) are incoming as well!

The most important of the issues is #RCE via a #CSRF vulnerability in the #SOAP interface (#CVE_2022_41622), which is pretty cool (though requires a confluence of conditions to actually matter). I also had to bypass #SELinux to actually exploit this on the path I chose, which is kinda cool.

The other is authenticated RCE, to which they assigned #CVE_2022_41800, though even I, the person who found it, don't really think it's a big deal. It's a nice way to get a #Meterpreter session on your test box, at least?

I also published a bunch of my #tools for analyzing F5, including scripts to build, parse, and #MitM requests to their proprietary (I think?) database protocol (these require a valid login to use, but there's no user separation so there's a bit of #LPE).

I'll also be speaking about this research in much more detail (as much as I can in 45 minutes :) ) in my #HushCon talk on Dec 2!

CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures | Rapid7 Blog

@iagox86 SELinux policy bypass via unprotected shell script... doh! Love the writeup, getting root should help more people find more bugs (maybe). Thanks!

@reverseics The problem is, basically every exploit against it runs as root, and most services run as root, so privesc almost doesn't matter.

What's interesting is I had a "write anywhere as root" primitive, but SELinux prevented me from writing to most locations! So despite having root-level file writing, I had to find a trick to actually get a shell.

I betcha others can find a better SOAP endpoint to use for RCE, but I'm happy with the one I found :)