A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially, execute arbitrary code. On a BIG-IP system running in Appliance mode, successful exploitation of this vulnerability can allow the attacker to cross a security boundary.
This issue affects BIG-IP only (not BIG-IQ), and at the time of publishing this advisory no patch is yet available. The currently supported versions known to be vulnerable are:
- F5 BIG-IP 17.0.0
- F5 BIG-IP 22.214.171.124 – 16.1.3
- F5 BIG-IP 126.96.36.199 – 15.1.8
- F5 BIG-IP 188.8.131.52 – 14.1.5
- F5 BIG-IP 13.1.5
If any of the affected versions of this product exist on your infrastructure, and since the official patch has not been published yet, make sure to follow F5’s security advisory to mitigate any possible attacks.
The Threat Hunting and SOC teams of OBRELA remain vigilant and continue to monitor the activity.