
Critical Vulnerabilities Uncovered in Cisco IOx and F5 BIG-IP Devices

F5 has issued a warning regarding a significant vulnerability in its BIG-IP appliances, which could result in a denial-of-service (DoS) attack or allow arbitrary code execution. The vulnerability stems from the iControl Simple Object Access Protocol (SOAP) interface and affects the following versions of BIG-IP:

  • 13.1.5
  • 14.1.4.6 – 14.1.5
  • 15.1.5.1 – 15.1.8
  • 16.1.2.2 – 16.1.3, and
  • 17.0.0


According to the company’s advisory, “A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.”

The flaw in question, tracked under the identifier CVE-2023-22374, was discovered and reported to F5 by security researcher Ron Bowes of Rapid7 on December 6, 2022. It has been assigned a CVSS score of 7.5 or 8.5.

If exploited successfully, the flaw in the iControl SOAP interface can let a remote attacker execute code on the device with root privileges, because the iControl SOAP interface runs as the root user. Ron Bowes of Rapid7, who discovered and reported the issue, stated that the vulnerability can be exploited by inserting malicious format string characters into a query parameter that is passed to the syslog logging function.
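The bug class described above (CWE-134, externally controlled format string) and its standard fix, shown as an added example that is not F5's code. The function names and the sample parameter are hypothetical, and `render()` is a stand-in for syslog()'s printf-style formatter so the difference can be observed safely.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Stand-in for syslog()'s formatter: same printf rules, output kept in a buffer. */
static int render(char *out, size_t n, const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return r;
}

/* Vulnerable pattern: the request parameter itself is used as the format string. */
int render_unsafe(char *out, size_t n, const char *param) {
    return render(out, n, param);
}

/* Hardened pattern: constant format string, parameter passed only as data. */
int render_safe(char *out, size_t n, const char *param) {
    return render(out, n, "%s", param);
}

/* The same fix applied to the real logging call. */
void log_query_param(const char *param) {
    syslog(LOG_INFO, "query parameter: %s", param);
}

/* Review/detection aid: count '%' directives in untrusted text ("%%" included). */
int count_format_directives(const char *s) {
    int count = 0;
    for (; *s; s++) {
        if (*s == '%') { count++; if (s[1]) s++; }
    }
    return count;
}

int main(void) {
    char a[64], b[64];
    const char *param = "discount=100%%";  /* constructed sample input */
    render_unsafe(a, sizeof a, param);      /* formatter interprets "%%" */
    render_safe(b, sizeof b, param);        /* text is logged verbatim */
    printf("unsafe: %s\nsafe:   %s\ndirectives: %d\n",
           a, b, count_format_directives(param));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag direct calls such as `syslog(LOG_INFO, param)` at compile time.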

To resolve the issue, F5 has released an engineering hotfix for supported versions of BIG-IP. As an interim measure, the company suggests limiting access to the iControl SOAP API to only trusted users.

Cisco Addresses Command Injection Vulnerability in IOx

Cisco has released updates to address a critical flaw in its IOx application hosting environment, CVE-2023-20076, with a CVSS score of 7.2. The vulnerability exposes devices running Cisco IOS XE software and enabled with the IOx feature to the risk of arbitrary command execution by an authenticated, remote attacker as the root user. The impacted devices include 800 Series Industrial ISRs, Catalyst Access Points, CGR1000 Compute Modules, IC3000 Industrial Compute Gateways, and IR510 WPAN Industrial Routers.

Cybersecurity firm Trellix uncovered the vulnerability and warned of the potential supply chain threats. Successful exploitation could lead to the injection of malicious packages that persist even after system reboots and firmware upgrades and can be removed only through a factory reset. The attacker must have administrative privileges to execute the exploit; however, adversaries can escalate privileges through phishing or default credentials left unchanged.

Trellix also discovered a security check bypass during TAR archive extraction, which could allow an attacker to write to the host operating system as the root user. Cisco has since remediated the issue and stated that the vulnerability poses no immediate risk, as the code was meant for future application packaging support.


