Dozen High-Severity Vulnerabilities Patched in F5 Products
Residence › Vulnerabilities
Dozen Excessive-Severity Vulnerabilities Patched in F5 Merchandise
By Eduard Kovacs on October 21, 2022
Tweet
Safety and utility supply firm F5 has launched its October 2022 quarterly safety notification, informing prospects a few complete of 18 vulnerabilities affecting its merchandise.
A dozen of those vulnerabilities had been assigned a ‘excessive severity’ ranking. One among them is an authenticated distant code execution vulnerability affecting methods deployed in normal or equipment mode. The problem has a ‘crucial’ ranking if the gadget is in equipment mode. An attacker with elevated privileges can exploit the flaw to run arbitrary system instructions, create or delete information, or disable companies.
A majority of the remaining high-severity vulnerabilities can enable a distant, unauthenticated attacker to launch denial-of-service (DoS) assaults.
As well as, three of the advisories are associated to NGINX modules and so they describe flaws that may enable an area attacker to trigger an NGINX employee course of to terminate.
A ‘excessive severity’ ranking has additionally been assigned to an F5OS vulnerability that may be exploited for privilege escalation.
F5’s subsequent quarterly updates are scheduled for February 1, 2023. The 2 earlier quarterly notifications — launched in Could and August — knowledgeable prospects about 50 and 21 vulnerabilities, respectively.
BIG-IP customers shouldn’t ignore these patches as risk actors have been identified to focus on vulnerabilities affecting the product. The latest instance is CVE-2022-1388, which noticed mass exploitation earlier this 12 months, with some hackers leveraging it to destroy BIG-IP home equipment.
Associated: Iranian Hackers Goal Vital Vulnerability in F5’s BIG-IP
Associated: F5 Patches Two Dozen Vulnerabilities in BIG-IP
Associated: Vulnerability Exposes F5 BIG-IP Techniques to Distant DoS Assaults
Get the Each day Briefing
- Most Latest
- Most Learn
- FBI Warns of Iranian Cyber Agency’s Hack-and-Leak Operations
- Knowledge of three Million Advocate Aurora Well being Sufferers Uncovered through Malformed Pixel
- Text4Shell Vulnerability Exploitation Makes an attempt Began Quickly After Disclosure
- Dozen Excessive-Severity Vulnerabilities Patched in F5 Merchandise
- CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware
- France Slaps Advantageous on Face Recognition Agency Clearview AI
- Google’s GUAC Open Supply Instrument Centralizes Software program Safety Metadata
- Password Report: Honeypot Knowledge Exhibits Bot Assault Developments Towards RDP, SSH
- SIM Swappers Sentenced to Jail for Hacking Accounts, Stealing Cryptocurrency
- Anonos Raises $50 Million for Knowledge Privateness Platform
On the lookout for Malware in All of the Flawed Locations?
First Step For The Web’s subsequent 25 years: Including Safety to the DNS
Tattle Story: What Your Laptop Says About You
Be in a Place to Act Via Cyber Situational Consciousness
Report Exhibits Closely Regulated Industries Letting Social Networking Apps Run Rampant
2010, A Nice 12 months To Be a Scammer.
Do not Let DNS be Your Single Level of Failure
Tips on how to Determine Malware in a Blink
Defining and Debating Cyber Warfare
The 5 A’s that Make Cybercrime so Engaging
Tips on how to Defend Towards DDoS Assaults
Safety Budgets Not in Line with Threats
Anycast – Three Causes Why Your DNS Community Ought to Use It
The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering Organizations
Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise