Rewterz Threat Advisory – Multiple F5 BIG-IP Vulnerabilities

Severity

High

Analysis Summary

CVE-2022-35728 CVSS:8.1
F5 BIG-IP could allow a remote attacker to bypass security restrictions because an iControl REST token remains valid after the user logs out of the Configuration utility. By sending a specially crafted request, an attacker could exploit this vulnerability to gain access to the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services.

CVE-2022-35243 CVSS:8.7
F5 BIG-IP could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the iControl REST endpoint. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass Appliance mode restrictions.

CVE-2022-35236 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when an HTTP2 profile is configured on a virtual server. By sending specially crafted traffic, a remote attacker could exploit this vulnerability to cause an increase in memory resource utilization, resulting in a denial of service condition.

CVE-2022-35240 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server. By sending specially crafted traffic, a remote attacker could exploit this vulnerability to cause an increase in memory resource utilization, resulting in a denial of service condition.

CVE-2022-34655 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when an iRule containing the HTTP::payload command is configured on a virtual server. By sending specially crafted traffic, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, resulting in a denial of service condition.

Impact

  • Security Bypass
  • Denial of Service

Indicators Of Compromise

CVE

  • CVE-2022-35728
  • CVE-2022-35243
  • CVE-2022-35236
  • CVE-2022-35240
  • CVE-2022-34655

Affected Vendors

  • F5

Affected Products

  • F5 BIG-IP 13.1.0
  • F5 BIG-IP 14.1.0
  • F5 BIG-IQ Centralized Management 7.0.0
  • F5 BIG-IP 15.1.0
  • F5 BIG-IQ Centralized Management 7.1.0
  • F5 BIG-IQ Centralized Management 8.0.0
  • F5 BIG-IQ Centralized Management 8.1.0
  • F5 BIG-IP 16.1.0
  • F5 BIG-IP 13.1.5
  • F5 BIG-IP 17.0.0
  • F5 BIG-IP 15.1.6
  • F5 BIG-IP 16.1.3
  • F5 BIG-IP 14.1.5
  • F5 BIG-IP 14.1.4
  • F5 BIG-IP 16.1.2
  • F5 BIG-IP 15.1.5

Remediation

Refer to the F5 Security Advisory for patch, upgrade, or suggested workaround information.

F5 Security Advisory