Severity
High
Analysis Summary
CVE-2022-35728 CVSS:8.1
F5 BIG-IP could allow a remote attacker to bypass security restrictions because an iControl REST token remains valid after the user logs out of the Configuration utility. By sending a specially crafted request, an attacker could exploit this vulnerability to gain access to the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services.
CVE-2022-35243 CVSS:8.7
F5 BIG-IP could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the iControl REST endpoint. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass Appliance mode restrictions.
CVE-2022-35236 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when an HTTP2 profile is configured on a virtual server. By sending specially crafted traffic, a remote attacker could exploit this vulnerability to cause an increase in memory resource utilization, resulting in a denial of service condition.
CVE-2022-35240 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server. By sending specially crafted traffic, a remote attacker could exploit this vulnerability to cause an increase in memory resource utilization, resulting in a denial of service condition.
CVE-2022-34655 CVSS:7.5
F5 BIG-IP is vulnerable to a denial of service, caused by a flaw when an iRule containing the HTTP::payload command is configured on a virtual server. By sending specially crafted traffic, a remote attacker could exploit this vulnerability to cause the Traffic Management Microkernel (TMM) to terminate, resulting in a denial of service condition.
Impact
- Security Bypass
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-35728
- CVE-2022-35243
- CVE-2022-35236
- CVE-2022-35240
- CVE-2022-34655
Affected Vendors
- F5
Affected Products
- F5 BIG-IP 13.1.0
- F5 BIG-IP 14.1.0
- F5 BIG-IQ Centralized Management 7.0.0
- F5 BIG-IP 15.1.0
- F5 BIG-IQ Centralized Management 7.1.0
- F5 BIG-IQ Centralized Management 8.0.0
- F5 BIG-IQ Centralized Management 8.1.0
- F5 BIG-IP 16.1.0
- F5 BIG-IP 13.1.5
- F5 BIG-IP 17.0.0
- F5 BIG-IP 15.1.6
- F5 BIG-IP 16.1.3
- F5 BIG-IP 14.1.5
- F5 BIG-IP 14.1.4
- F5 BIG-IP 16.1.2
- F5 BIG-IP 15.1.5
Remediation
Refer to the F5 Security Advisory for patch, upgrade, or suggested workaround information.