F5 Networks‘ BIG-IP multi-purpose networking devices/modules are vulnerable to unauthenticated remote code execution attacks via CVE-2022-1388. “This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services,” F5 warned yesterday. About CVE-2022-1388 CVE-2022-1388 allows undisclosed requests to bypass iControl REST authentication – just like CVE-2021-22986, which has been patched in March 2021 … More →
The post Critical F5 BIG-IP flaw allows device takeover, patch ASAP! (CVE-2022-1388) appeared first on Help Net Security.
http://news.poseidon-us.com/SPpT0Y