Technology firm F5 patches a high-severity elevation of privilege vulnerability in BIG-IP and a medium-severity flaw in BIG-IQ. F5 addressed two vulnerabilities in BIG-IP and BIG-IQ enterprise products, respectively tracked as CVE-2024-45844 and CVE-2024-47139. An authenticated attacker, with Manager role privileges or higher, could exploit the vulnerability CVE-2024-45844 to elevate privileges and compromise the BIG-IP […]
Chinese cyberespionage group Velvet Ant was spotted using custom malware to target F5 BIG-IP appliances to breach target networks. In late 2023, Sygnia researchers responded to an incident suffered by a large organization that they attributed to a China-linked threat actor tracked as ‘Velvet Ant.’ The cyberspies deployed custom malware on F5 BIG-IP appliances to […]
US CISA added two vulnerabilities, tracked as CVE-2023-46747 and CVE-2023-46748, in BIG-IP to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerabilities CVE-2023-46747 and CVE-2023-46748 in BIG-IP to its Known Exploited Vulnerabilities catalog. CISA has the two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The two […]
F5 warns customers of a critical vulnerability impacting BIG-IP that could lead to unauthenticated remote code execution. F5 is warning customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution. The vulnerability resides in the configuration utility component, it was reported by Michael […]
Experts warn of a high-severity vulnerability that affects F5 BIG-IP that can lead to arbitrary code execution or DoS condition. A high-severity vulnerability in F5 BIG-IP, tracked as CVE-2023-22374, can be exploited to cause a DoS condition and potentially lead to arbitrary code execution. “A format string vulnerability exists in iControl SOAP that allows an […]
US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known […]
F5 has addressed more than a dozen severe vulnerabilities in its BIG-IP networking device, including one rated as critical severity under specific conditions. Security vendor F5 has addressed more than a dozen high-severity vulnerabilities in its BIG-IP networking device, including an issue that was considered as critical severity when exploited under specific conditions. The flaw, […]
A security researcher discovered a flaw in the F5 BIG-IP product that can be exploited to conduct denial-of-service (DoS) attacks. The security expert Nikita Abramov from Positive Technologies discovered a DoS vulnerability, tracked as CVE-2020-27716, that affects certain versions of F5 BIG-IP Access Policy Manager (APM). The F5 BIG-IP Access Policy Manager is a secure, flexible, […]
CISA published an advisory on China-linked groups targeting government agencies by exploiting flaws in Microsoft Exchange, Citrix, Pulse, and F5 systems. CISA published a security advisory warning of a wave of attacks carried out by China-linked APT groups affiliated with China’s Ministry of State Security. Chinese state-sponsored hackers have probed US government networks looking for vulnerable networking […]
The U.S. CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about the active exploitation of the unauthenticated remote code execution (RCE) CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. The alert includes additional […]