High-Severity RCE Bug in F5 Products Let Attackers Hack the Complete Systems

Teilen:

Experts from Rapid7 observed a customized CentOS installation operating on F5 BIG-IP and BIG-IQ devices found to have various vulnerabilities.

While the other flaws are security bypass methods that F5 does not consider vulnerabilities, two of the vulnerabilities have been categorized as high-severity remote code execution vulnerabilities and given CVE IDs.

Entdeckte Schwachstellen

The first high-severity flaw is tracked as (CVE-2022-41622) is an unauthenticated remote code execution via cross-site request forgery (CSRF) that impacts BIG-IP and BIG-IQ products.

In this case, even if a device’s management interface is not exposed to the internet, exploitation can still enable a remote, unauthenticated attacker to get root access.

“An attacker may trick users who have at least resource administrator role privilege and are authenticated through basic authentication in iControl SOAP into performing critical actions. An attacker can exploit this vulnerability only through the control plane, not through the data plane. If exploited, the vulnerability can compromise the complete system.” reads the advisory published by F5.

The report says exploitation requires the attacker to be familiar with the targeted network and to convince an administrator who is logged in to visit a malicious website that is designed to exploit.

This attack cannot be prevented if you have authenticated to iControl SOAP in the web browser with basic authentication. This authentication mechanism is uncommon and is different from using the login page for the Configuration utility.

F5 advises against using basic authentication for web browser authentication. Don’t enter credentials if a web browser authentication popup is on the web browser.

The second high-severity flaw, (CVE-2022-41800), enables an attacker with administrative rights to execute arbitrary shell commands via RPM specification files.

It resides in the Appliance mode iControl REST and is an authenticated remote code execution via RPM spec injection. An authenticated user with appropriate user credentials assigned to the Administrator role can bypass restrictions in Appliance mode.

“In Appliance mode, an authenticated user with valid user credentials assigned the Administrator role may be able to bypass Appliance mode restrictions. This is a control plane issue; there is no data plane exposure”, reads the advisory

“Appliance mode is enforced by a specific license or may be enabled or disabled for individual Virtual Clustered Multiprocessing (vCMP) guest instances”.

In this case, F5 recommends temporary mitigations that reduce the threat surface by limiting access to iControl REST to only trustworthy networks or devices.

In order to access a highly privileged administrative account, the attacker must possess the correct credentials. As a result, limiting access could still leave the device vulnerable to lateral movement from a hacked device within the trusted range or insider threat.

The following are the bypasses of security controls that F5 rejected because not exploitable, including two SELinux bypass techniques and a local privilege escalation via bad UNIX socket permissions.

https://gbhackers.com/remote-code-execution-bug-in-f5/

High-Severity RCE Bug in F5 Products Let Attackers Hack the Complete Systems

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
1:28 pm, Juli 11, 2025
Wetter-Symbol 30°C
L: 28° | H: 32°
wenige Wolken
Luftfeuchtigkeit: 41 %
Druck: 1020 mb
Wind: 6 mph NNE
Windböe: 9 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 13%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:56 am
Sonnenuntergang: 9:15 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 10:00 pm
Wetter-Symbol
28° | 32°°C 0 mm 0% 8 mph 47 % 1019 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
18° | 30°°C 0 mm 0% 9 mph 65 % 1018 mb 0 mm/h
So. Juli 13 10:00 pm
Wetter-Symbol
17° | 27°°C 0 mm 0% 7 mph 73 % 1014 mb 0 mm/h
Mo. Juli 14 10:00 pm
Wetter-Symbol
20° | 29°°C 0 mm 0% 14 mph 71 % 1017 mb 0 mm/h
Di. Juli 15 10:00 pm
Wetter-Symbol
15° | 27°°C 0 mm 0% 13 mph 71 % 1021 mb 0 mm/h
Today 4:00 pm
Wetter-Symbol
30° | 31°°C 0 mm 0% 5 mph 37 % 1019 mb 0 mm/h
Today 7:00 pm
Wetter-Symbol
28° | 28°°C 0 mm 0% 5 mph 32 % 1018 mb 0 mm/h
Today 10:00 pm
Wetter-Symbol
22° | 22°°C 0 mm 0% 8 mph 47 % 1019 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
18° | 18°°C 0 mm 0% 4 mph 55 % 1018 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
19° | 19°°C 0 mm 0% 4 mph 65 % 1018 mb 0 mm/h
Tomorrow 7:00 am
Wetter-Symbol
19° | 19°°C 0 mm 0% 6 mph 64 % 1018 mb 0 mm/h
Tomorrow 10:00 am
Wetter-Symbol
24° | 24°°C 0 mm 0% 6 mph 45 % 1017 mb 0 mm/h
Tomorrow 1:00 pm
Wetter-Symbol
28° | 28°°C 0 mm 0% 7 mph 30 % 1015 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€100,979.92
6.47%
Ethereum(ETH)
€2,555.34
7.74%
Fesseln(USDT)
€0.86
-0.01%
XRP(XRP)
€2.26
7.92%
Solana(SOL)
€140.32
4.29%
USDC(USDC)
€0.86
-0.01%
Dogecoin(DOGE)
€0.170457
10.61%
Shiba Inu(SHIB)
€0.000011
8.20%
Pepe(PEPE)
€0.000011
15.71%
Peanut das Eichhörnchen(PNUT)
€0.248573
19.26%
Nach oben scrollen