A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.
Affected devices:
This issue affects BIG-IP only (not BIG-IQ), and at the moment of publishing the current advisory, they are not yet patched. The currently supported versions known to be vulnerable are:
- F5 BIG-IP 17.0.0
- F5 BIG-IP 16.1.2.2 – 16.1.3
- F5 BIG-IP 15.1.5.1 – 15.1.8
- F5 BIG-IP 14.1.4.6 – 14.1.5
- F5 BIG-IP 13.1.5
If any of the affected versions of this product exist on your infrastructure and since the official patch has not been published yet, kindly:
Make sure to follow F5’s security advisory to mitigate any possible attacks.
The Threat Hunting and SOC teams of OBRELA remain vigilant and continue to monitor the activity.
References:
https://my.f5.com/manage/s/article/K000130415
https://www.rapid7.com/blog/post/2023/02/01/cve-2023-22374-f5-big-ip-format-string-vulnerability/
