Security News > 2022 > May > F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability
Cloud security and application delivery network provider F5 on Wednesday released patches to contain 43 bugs spanning its products.
"This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services," F5 said in an advisory.
Block iControl REST access through the self IP address.
Block iControl REST access through the management interface.
With F5 appliances widely deployed in enterprise networks, it's imperative that organizations move quickly to apply the patches to prevent threat actors from exploiting the attack vector for initial access.
The security fixes come as the U.S. Cybersecurity and Infrastructure Security Agency added five new flaws to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation -.
News URL
https://thehackernews.com/2022/05/f5-warns-of-new-critical-big-ip-remote.html
Related news
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution (source)
- Rsync vulnerabilities allow remote code execution on servers, patch quickly! (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks (source)
- GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLs (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution (source)