Vulnerabilities in F5

THREAT HUNTER (GUARD YOUR DEVICE)

Vulnerability News #0003

January 25, 2022




News Name : Vulnerabilities in F5

Affected System : NGINX Controller

Vulnerability Involved : CVE-2022-23008, CVE-2022-23013

News Detail

F5, a networking and application delivery technology company, has patched a pair of high-impact web security flaws. The first item on the triage list was a code injection vulnerability in F5's NGINX Controller API Management, a product that lets DevOps teams "create, publish, secure, monitor, and analyze APIs." An authenticated attacker holding the 'user' or 'admin' role can use undisclosed NGINX Controller API Management endpoints to inject JavaScript code into managed NGINX data plane instances.


CVE-2022-23008 is the most serious weakness in F5's most recent patch batch. An attacker who successfully exploits it could read and/or write files on the NGINX data plane instance. F5 discovered the vulnerability internally. Users are advised to upgrade to version 3.19.1.


A DOM-based cross-site scripting (XSS) vulnerability affecting F5's BIG-IP load balancer is also worth noting. An attacker could use CVE-2022-23013, in the BIG-IP Configuration utility, to execute JavaScript in the context of the currently logged-in user. F5's linked security advisory explains the content of the patches in detail and gives remediation recommendations.

Suggestion

Upgrade to Version 2.191.1


Impact

  • Allows an authenticated attacker with the ‘user’ or ‘admin’ role to inject JavaScript code that is executed on managed NGINX data plane instances.
  • Allows an attacker to read and/or write files on the NGINX data plane instance.
  • Allows an attacker to execute JavaScript in the context of the currently logged-in user.

References:

https://portswigger.net/daily-swig/f5-fixes-high-risk-nginx-controller-vulnerability-in-january-patch-rollout
https://support.f5.com/csp/article/K40084114
https://www.securityweek.com/f5-patches-two-dozen-vulnerabilities-big-ip


© SAS Threat Hunter 

Contact sasmoza.enterprise Sdn. Bhd. to subscribe to the news.

