Rewterz Threat Alert – Asnarok Trojan targets Sophos firewalls
April 27, 2020Rewterz Threat Alert – Bazar Backdoor IoCs
April 28, 2020Rewterz Threat Alert – Asnarok Trojan targets Sophos firewalls
April 27, 2020Rewterz Threat Alert – Bazar Backdoor IoCs
April 28, 2020Severity
High
Analysis Summary
F5 BIG-IQ Centralized Management could allow a remote attacker to bypass security restrictions, caused by improper authentication validation in the high availability (HA) synchronization mechanisms. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
Impact
Security bypass
Affected Vendors
F5
Affected Products
- F5 BIG-IQ Centralized Management 5.4.0
- F5 BIG-IQ Centralized Management 6.0.0
- F5 BIG-IQ Centralized Management 6.1.0
- F5 BIG-IQ Centralized Management 5.2.0
- F5 BIG-IQ Centralized Management 7.1.0
- F5 BIG-IQ Centralized Management 7.0.0
- F5 BIG-IQ Centralized Management 7.3.0
Remediation
Refer to F5 Security Advisory K69422435 for upgraded patch.