RCE flaw in F5 BIG-IP and BIG-IQ

Threat Level
Vulnerability Report

Summary

Two security flaws in F5 BIG-IP and BIG-IQ can be exploited to achieve remote code execution. By successfully exploiting the vulnerability (CVE-2022-41622), an adversary could gain persistent root access to the device’s management interface; however, this requires the attacker to know the address of a specific BIG-IP instance. Although a proof of concept is available, the exploit requires an administrator with an active session to visit a rogue website.