August 20, 2024 at 07:18AM In August 2024, F5 released patches for nine vulnerabilities, including high-severity flaws in BIG-IP and NGINX Plus. The most severe issue, CVE-2024-39809, impacts BIG-IP Next Central Manager, allowing attackers to access systems after user logout. F5 also addressed CVE-2024-39778, CVE-2024-39792, and CVE-2024-41727, as well as five medium-severity flaws. Mitigation actions … Read more
May 9, 2024 at 07:09AM F5 announced patches for its BIG-IP Next Central Manager to fix five vulnerabilities allowing complete device control. Eclypsium found the vulnerabilities but only two have CVE identifiers. One patched vulnerability is high severity, enabling unauthenticated attackers to execute malicious SQL statements. F5 states no impact beyond Next Central Manager. Eclypsium … Read more
May 8, 2024 at 03:55PM F5 has addressed two critical vulnerabilities in BIG-IP Next Central Manager, allowing attackers to gain admin control and create hidden rogue accounts. Exploiting SQL and OData injection flaws, unauthenticated attackers could execute malicious code remotely. Despite a temporary mitigation, F5 urges immediate patching or access restriction. There’s currently no evidence … Read more
January 23, 2024 at 06:54AM F5 announced that Samir Sherif is named Senior Vice President and Chief Information Security Officer. In the role, he will lead the enterprise cybersecurity strategy, security culture, and oversee cybersecurity standards and programs. Sherif has previously served as CISO at Absolute Software and Imperva and had a long career at … Read more
November 1, 2023 at 12:30PM Cybersecurity company F5’s BIG-IP suite has been found to have vulnerabilities that are already being exploited after proof of concept code was shared online. F5 confirmed evidence of active exploitation just days after limited-detail research was published. The vulnerabilities include an Apache JServ Protocol smuggling vulnerability and an SQL injection … Read more
November 1, 2023 at 10:54AM F5 is warning administrators of their BIG-IP devices about skilled hackers exploiting recently disclosed vulnerabilities. These hackers erase signs of their access and achieve stealthy code execution. Two critical vulnerabilities were identified, and F5 has urged admins to apply available security updates. The vulnerabilities allow for authentication bypass and SQL … Read more
November 1, 2023 at 02:11AM F5 has warned of active exploitation of a critical security flaw in BIG-IP, allowing attackers to execute arbitrary system commands. The vulnerability, tracked as CVE-2023-46747, affects several versions of the software. Additionally, F5 has observed threat actors using this vulnerability in conjunction with CVE-2023-46748, an authenticated SQL injection flaw. Users … Read more
October 31, 2023 at 11:51AM Hackers are actively exploiting a critical vulnerability in F5’s BIG-IP product, just five days after its disclosure. The flaw allows for remote code execution and unauthorized access. F5 has released hotfixes and is urging customers to install them immediately. Attackers are also exploiting another vulnerability in BIG-IP’s configuration utility. F5 … Read more
October 27, 2023 at 10:43AM F5 has issued a warning to customers about a critical vulnerability in its BIG-IP product. The vulnerability, tracked as CVE-2023-46747, allows an unauthenticated attacker to remotely execute arbitrary code. The flaw is closely related to a request smuggling issue in the Apache HTTP Server and can be exploited to gain … Read more
October 11, 2023 at 08:24AM Tech companies including Cloudflare, AWS, and Google have responded to the HTTP/2 zero-day vulnerability that led to massive distributed denial-of-service attacks. The attacks exploited the HTTP/2 Rapid Reset feature, resulting in servers being taken down. Organizations like CISA, Microsoft, NGINX, F5, Netty, Apache, Swift, and Linux distributions have issued advisories … Read more