Advisory February 3, 2023

CVE-2023-22374: F5 BIG-IP Format String Vulnerability

The Obrela SOC Team

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially, execute arbitrary code. On a BIG-IP system running in Appliance mode, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.
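To make the bug class concrete, the following C snippet (added here as an illustration; it is not F5 code and has nothing to do with the iControl SOAP implementation itself) contrasts the vulnerable pattern, untrusted text used as the format argument, with the hardened form, and adds a small defender-side heuristic that counts printf-style directives in untrusted input. The sample input string and the function names are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of attacker-controlled text; not data from the advisory. */
static const char *UNTRUSTED_INPUT = "user=%s%s%x%n";

/* The vulnerable pattern behind this bug class is a call such as
 *
 *     snprintf(out, out_len, msg);   // msg, not the program, decides the format
 *
 * where msg comes from the request. Each %s/%x then reads from the argument
 * area, and %n writes through a pointer taken from it, which is how a crash
 * or worse arises. The hardened form keeps a constant format string and
 * passes the untrusted text purely as data. */
static int log_hardened(char *out, size_t out_len, const char *msg)
{
    /* "%s" is the only directive; msg is copied, never interpreted. */
    return snprintf(out, out_len, "%s", msg);
}

/* Defender heuristic: count printf-style conversion directives in untrusted
 * text so a request field that looks like a format string can be flagged in
 * logs or rejected before it reaches any sink that still uses the old
 * pattern. "%%" is a literal percent sign and is not counted. */
static int count_format_directives(const char *s)
{
    int count = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* escaped percent: skip both characters */
            p++;
            continue;
        }
        if (p[1] == '\0')       /* trailing '%' with nothing after it */
            break;
        count++;
    }
    return count;
}

/* Returns 1 when the hardened logger reproduces the input verbatim,
 * i.e. no directive in the input was interpreted. */
static int hardened_preserves_input(const char *msg)
{
    char buf[256];
    log_hardened(buf, sizeof buf, msg);
    return strcmp(buf, msg) == 0;
}

int main(void)
{
    printf("directives in sample input: %d\n",
           count_format_directives(UNTRUSTED_INPUT));
    printf("hardened logger kept input verbatim: %d\n",
           hardened_preserves_input(UNTRUSTED_INPUT));
    return 0;
}
```

The heuristic is deliberately conservative: a legitimate value such as "100%% done" yields zero, while a field carrying several `%s`/`%n` directives stands out and can be correlated with iControl SOAP access logs during hunting.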

Affected devices:

This issue affects BIG-IP only (not BIG-IQ), and at the time this advisory was published no patch was yet available. The currently supported versions known to be vulnerable are:

  • F5 BIG-IP 17.0.0
  • F5 BIG-IP 16.1.2.2 – 16.1.3
  • F5 BIG-IP 15.1.5.1 – 15.1.8
  • F5 BIG-IP 14.1.4.6 – 14.1.5
  • F5 BIG-IP 13.1.5
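As an aid to checking an inventory against the list above, the following C program (added here as an example; it is not from F5 or from the advisory) parses dotted BIG-IP version strings and reports whether a version falls inside one of the listed ranges. It assumes the notation used above: a lower bound is taken literally, and an upper bound with fewer components, such as "16.1.3", is read as covering every 16.1.3.x build. That reading of the upper bounds is an assumption to confirm against the F5 article K000130415; the sample versions in main() are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define VERSION_PARTS 4

typedef struct { int part[VERSION_PARTS]; } bigip_version;

/* Affected ranges exactly as listed in this advisory (inclusive).
 * Single versions are written as a range with equal bounds. */
static const struct { const char *lo, *hi; } AFFECTED[] = {
    { "17.0.0",   "17.0.0" },
    { "16.1.2.2", "16.1.3" },
    { "15.1.5.1", "15.1.8" },
    { "14.1.4.6", "14.1.5" },
    { "13.1.5",   "13.1.5" },
};

/* Parse "a.b.c[.d]" into up to four numeric parts. Components that are not
 * present are filled with `pad` (0 for a concrete version or a lower bound,
 * INT_MAX for an upper bound so that "16.1.3" covers 16.1.3.x).
 * Returns 1 on success, 0 on malformed input. */
static int parse_version(const char *s, int pad, bigip_version *v)
{
    for (int i = 0; i < VERSION_PARTS; i++)
        v->part[i] = pad;
    const char *p = s;
    for (int n = 0; n < VERSION_PARTS; n++) {
        char *end;
        long val = strtol(p, &end, 10);
        if (end == p || val < 0 || val > INT_MAX)
            return 0;
        v->part[n] = (int)val;
        if (*end == '\0')
            return 1;
        if (*end != '.')
            return 0;
        p = end + 1;
    }
    return 0;   /* more than four components */
}

/* Lexicographic comparison: -1, 0 or 1. */
static int compare_version(const bigip_version *a, const bigip_version *b)
{
    for (int i = 0; i < VERSION_PARTS; i++) {
        if (a->part[i] < b->part[i]) return -1;
        if (a->part[i] > b->part[i]) return 1;
    }
    return 0;
}

/* Returns 1 if `version` is inside an affected range, 0 if not,
 * and -1 if the string cannot be parsed. */
int is_affected(const char *version)
{
    bigip_version v, lo, hi;
    if (!parse_version(version, 0, &v))
        return -1;
    size_t n = sizeof AFFECTED / sizeof AFFECTED[0];
    for (size_t i = 0; i < n; i++) {
        if (!parse_version(AFFECTED[i].lo, 0, &lo) ||
            !parse_version(AFFECTED[i].hi, INT_MAX, &hi))
            return -1;
        if (compare_version(&v, &lo) >= 0 && compare_version(&v, &hi) <= 0)
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed inventory entries, not real device data. */
    const char *inventory[] = { "17.0.0", "16.1.3.3", "16.1.2.1", "15.1.8",
                                "14.1.4.6", "13.1.4", "17.1.0", "not-a-version" };
    for (size_t i = 0; i < sizeof inventory / sizeof inventory[0]; i++)
        printf("%-16s affected=%d\n", inventory[i], is_affected(inventory[i]));
    return 0;
}
```

A return value of -1 is worth surfacing separately in an inventory report: a version string that does not parse (a hotfix suffix, an empty field) should be reviewed by hand rather than silently treated as unaffected.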

If any of the affected versions of this product exist on your infrastructure, and given that the official patch has not yet been published, kindly make sure to follow F5’s security advisory to mitigate any possible attacks.

The Threat Hunting and SOC teams of OBRELA remain vigilant and continue to monitor the activity.

References:

https://my.f5.com/manage/s/article/K000130415

https://www.rapid7.com/blog/post/2023/02/01/cve-2023-22374-f5-big-ip-format-string-vulnerability/