CISA adds actively exploited critical F5 BIG-IP bug to its must-patch list


The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical bug in F5's BIG-IP software that is being actively exploited.

The network and application delivery firm on May 4 disclosed a critical authentication bypass affecting the iControl REST component in multiple versions of its BIG-IP software. The bug, tagged as CVE-2022-1388, had a CVSSv3 severity score of 9.8 out of 10, in part because of its ease of exploitation.

Within days of F5’s advisory, security researchers saw potential attackers scanning for vulnerable F5 system admin interfaces exposed on the internet.      


Ron Bowes at security company Rapid7 expects exploitation attempts to increase because the bug is easy to exploit. Also, exploit code that provides root access to affected devices is publicly available.

However, Bowes reckons there are only about 2,500 F5 BIG-IP devices exposed on the internet, based on a shodan.io search.

Affected organizations should patch the critical F5 BIG-IP bug swiftly. Palo Alto Networks says that on Wednesday it observed over 2,500 scanning and active exploitation attempts within just 10 hours.

“We observed this signature triggered 2,552 times between 4:47 and 14:00 UTC on May 10. We were able to analyze 2,151 packets that triggered the signature and observed both vulnerability scanning activity and active exploitation attempts,” the security firm’s Unit 42 group said.  

CISA notes that F5 BIG-IP contains a "missing authentication in critical function" vulnerability that can allow for remote code execution, creation or deletion of files, or disabling of services.

The F5 bug is the only new addition this month to CISA's Known Exploited Vulnerabilities Catalog. Federal civilian agencies are expected to apply the F5 patch by 31 May under CISA's binding operational directive. However, CISA recommends that organizations beyond the scope of the directive apply the patch too.

In March, CISA ordered agencies to fix 95 and 66 bugs, many of them older bugs, in what appeared to be a massive cleanup effort. It added seven bugs in April and five more last week.


