CVE-2022-1388: What is Authentication Bypass in F5 BIG-IP?

'BARBAROS

'BARBAROS

Uzman üye
19 Haz 2021
1,717
36
1,074
المملكة العربية السعودية - ממלכת שמיים
logo.png

1.png


Görsel


CVE-2022-1388: What is Authentication Bypass in F5 BIG-IP?
As part of the May 2022 Quarterly Security Bulletin, F5 patched CVE-2022-1388; this is a critical authentication bypass vulnerability in the BIG-IP family, used for application delivery and central device management.

Attackers had exploited previously disclosed BIG-IP vulnerabilities: CVE-2021-22986, a flaw in the iControl REST component of BIG-IP, and CVE-2020-5902, a vulnerability in the BIG-IP traffic management user interface. Both had fallen victim to attacks. The Security Response Team included CVE-2020-5902 among the top 5 vulnerabilities due to the attack scope used in the 2020 Threat Landscape Retrospective. Shortly after the initial evidence was published, on May 9th, attack attempts were detected in the wild.

What is CVE-2022-1388?
CVE-2022-1388 is an authentication bypass vulnerability in the iControl API's REST component of BIG-IP, assigned a CVSSv3 score of 9.8. The iControl REST API is used for the management and configuration of BIG-IP devices. CVE-2022-1388 can be exploited by an unauthenticated attacker with network access to the management port or self-assigned IP addresses of devices using BIG-IP. The attack allows the adversary to execute arbitrary system commands, create and delete files, and disable services.

Solution
To mitigate the attack surface, organizations can restrict sensitive iControl REST API access to trusted networks and devices. It is recommended to block access from untrusted networks to device management interfaces.

The table below includes affected BIG-IP versions and the patched versions:
BranchAffected VersionsFixed Version
17.xNone17.0.0
16.x16.1.0 - 16.1.216.1.2.2
15.x15.1.0 - 15.1.515.1.5.1
14.x14.1.0 - 14.1.414.1.4.6
13.x13.1.0 - 13.1.413.1.5
12.x12.1.0 - 12.1.6Will not fix
11.x11.6.1 - 11.6.5Will not fix

To identify this vulnerability, you can access a list of Tenable plugins here. To check for the Httpd vulnerability, a compliance check file is available here. Additionally, a remote check plugin has been released to determine if your F5 BIG-IP deployments are vulnerable to CVE-2022-1388.

Click on these links:
F5 Advisory for CVE-2022-5902
K55879220: Overview of F5 vulnerabilities (May 2022)
Source : https://www.turkhackteam.org/konula...ipte-kimlik-dogrulama-atlatma-bypass.2048858/
 
Cevap yazmak için giriş yap yada kayıt ol.
Üst

Turkhackteam.org internet sitesi 5651 sayılı kanun’un 2. maddesinin 1. fıkrasının m) bendi ile aynı kanunun 5. maddesi kapsamında "Yer Sağlayıcı" konumundadır. İçerikler ön onay olmaksızın tamamen kullanıcılar tarafından oluşturulmaktadır. Turkhackteam.org; Yer sağlayıcı olarak, kullanıcılar tarafından oluşturulan içeriği ya da hukuka aykırı paylaşımı kontrol etmekle ya da araştırmakla yükümlü değildir. Türkhackteam saldırı timleri Türk sitelerine hiçbir zararlı faaliyette bulunmaz. Türkhackteam üyelerinin yaptığı bireysel hack faaliyetlerinden Türkhackteam sorumlu değildir. Sitelerinize Türkhackteam ismi kullanılarak hack faaliyetinde bulunulursa, site-sunucu erişim loglarından bu faaliyeti gerçekleştiren ip adresini tespit edip diğer kanıtlarla birlikte savcılığa suç duyurusunda bulununuz.