Two security flaws in F5 BIG-IP and BIG-IQ can be exploited to enable remote code execution. An adversary who successfully exploits the vulnerability (CVE-2022-41622) could gain persistent root access to the device’s management interface; however, this requires the attacker to know the address of a specific BIG-IP instance. Although a proof of concept is available, such an exploit requires an administrator with an active session to visit a rogue website.