F5, a supplier of security and application delivery solutions, delivered another quarterly security notification on Wednesday, informing clients of more than 50 vulnerabilities and security exposures.
An unauthenticated attacker with network access to a BIG-IP system can exploit the major weakness, which is listed as CVE-2022-1388, to execute arbitrary system commands, create or delete files, or stop services. The problem is with the iControl REST component, and it is stated as a “control plane issue” with no data plane exposure. Read More…