Rewterz Threat Alert – Lazarus APT Group – Active IOCs
November 11, 2021Rewterz Threat Advisory – Multiple Zoom Vulnerabilities
November 11, 2021Rewterz Threat Alert – Lazarus APT Group – Active IOCs
November 11, 2021Rewterz Threat Advisory – Multiple Zoom Vulnerabilities
November 11, 2021Severity
Medium
Analysis Summary
CVE-2021-23055
F5 NGINX Ingress Controller could allow a remote authenticated attacker to obtain sensitive information, caused by an issue with Ingress resources can be configured without setting the -enable-snippets command-line argument. By sending a specially crafted request, an attacker could exploit this vulnerability to gain access to secret information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Affected Vendors
F5
Affected Products
- F5 NGINX Ingress Controller 1.0.0
- F5 NGINX Ingress Controller 1.12.2
- F5 NGINX Ingress Controller 2.0.0
- F5 NGINX Ingress Controller 2.0.2
Remediation
Refer to F5 Security Advisory for patch, upgrade, or suggested workaround information.