BIG-IP contains a high-severity format string vulnerability that could allow an authenticated attacker to cause a denial of service (DoS) and possibly execute arbitrary code.
The security flaw, identified as CVE-2023-22374, affects iControl SOAP, an open API for communicating with the system that runs as root. Only accounts with the Administrator role can use the SOAP interface, which is reachable over the network only through the BIG-IP management port and self IP addresses.
According to Rapid7, which discovered the bug, the service passes certain request parameters to the syslog function as the format string. By inserting format string specifiers into those parameters, an attacker can read, and with %n write, memory addresses referenced from the stack, which is what makes the DoS reliable and code execution possible.
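The pattern Rapid7 describes is a classic format string bug: untrusted text is handed to a printf-family function as the format rather than as an argument. The following is an added illustration, not F5's or Rapid7's code. It models a logging wrapper with a constructed message; `log_vulnerable` passes the parameter as the format string (the equivalent of `syslog(LOG_INFO, param)`), `log_fixed` uses a constant `"%s"` format, and `count_format_specifiers` is a hypothetical input check that flags conversions before they can reach a formatter. The sample inputs are constructed; `%%` is used in the demonstration because it is the one directive that changes the output without consuming stack arguments, so the program stays well defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOGBUF 256

/* Stand-in for a syslog-style logging wrapper: formats into a buffer.
 * Deliberately not annotated with __attribute__((format(...))) so the
 * compiler does not flag the misuse below, as happens in real code. */
static int log_printf(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return r;
}

/* VULNERABLE: the caller-supplied parameter becomes the format string.
 * A "%x" here reads a stack slot; "%n" writes the count of bytes
 * emitted so far to an address taken from the stack. */
int log_vulnerable(char *out, size_t outlen, const char *param)
{
    return log_printf(out, outlen, param);          /* ~ syslog(LOG_INFO, param) */
}

/* FIXED: constant format, parameter is only ever data. */
int log_fixed(char *out, size_t outlen, const char *param)
{
    return log_printf(out, outlen, "%s", param);    /* ~ syslog(LOG_INFO, "%s", param) */
}

/* Hypothetical defensive check for untrusted parameters: count the
 * conversion directives that would act on stack data if the string were
 * ever used as a format. "%%" is a literal percent and is not counted. */
int count_format_specifiers(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* escaped percent, skip both */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Convenience wrappers that return the rendered message. */
const char *render_vulnerable(const char *param)
{
    static char buf[LOGBUF];
    log_vulnerable(buf, sizeof buf, param);
    return buf;
}

const char *render_fixed(const char *param)
{
    static char buf[LOGBUF];
    log_fixed(buf, sizeof buf, param);
    return buf;
}

int main(void)
{
    /* Constructed attacker-controlled parameter. */
    const char *param = "login %% ok";
    printf("vulnerable: \"%s\"\n", render_vulnerable(param)); /* percent collapsed: directive was interpreted */
    printf("fixed:      \"%s\"\n", render_fixed(param));      /* unchanged: parameter treated as data */

    const char *probe = "%08x.%08x.%n";
    printf("specifiers in probe: %d\n", count_format_specifiers(probe));
    return 0;
}
```

With a real logger the fix is the same one-line change, `syslog(LOG_INFO, "%s", param)` instead of `syslog(LOG_INFO, param)`. If the wrapper is annotated with `__attribute__((format(printf, 3, 4)))`, gcc and clang report the vulnerable call under `-Wformat -Wformat-security`, which is the cheapest way to sweep a code base for this class of bug.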
Read More: F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution